Online Forum 4chan Under Attack Via New Technique of Malware Obfuscation
Written by Administrator   
Wednesday, 18 August 2010 13:00

The Microsoft Malware Protection Center (MMPC), Microsoft's Internet software security wing, reports that it has detected a new method of obfuscating malware that is being used against 4chan, an online forum.


The Center explains that the attack, which is based on social engineering, starts with the computer operator receiving a 'Portable Network Graphics' (.PNG) file, which compresses its data as an image that is fairly harmless.

Interestingly, MMPC states that an end-user may follow the directions given within the .PNG file and save the resulting content as a bitmap (.BMP) file with an .HTA extension. Consequently, as is characteristic of .BMP files, the new file gets decompressed. The file then turns out to contain an image along with a JavaScript and a couple of executable files.

On investigating, the security researchers at Microsoft found that the process appeared to be part of the evolution of an exploit called 4chan.js. Moreover, they noted that it depended on an end-user's trust in image files as well as unfamiliarity with 'HTML Application' (.HTA) files.

Michael Johnson, an MMPC member, described the malware attack that the Microsoft researchers identified and stated that the JavaScript mentioned above was detected as Trojan:JS/Chafpin.gen!A. According to him, the MMPC team had so far witnessed 3 variants of the Trojan as the malware creators' techniques developed. Softpedia.com published this on August 10, 2010.

Meanwhile, 4chan staff members seeking to prevent the attacks are now deleting the numerous fake topics that the malware created. Nonetheless, this is not the first time the threat has occurred. The earliest social-engineering attack that used this technique happened back in 2008. Since then a number of mutations have occurred, according to the MMPC.

According to Johnson, the MMPC advises users not to follow any directions accompanying a random graphic put before them, particularly when the directions involve changing the file to a random format and subsequently executing it. Indeed, the Center advises users not to execute arbitrary .HTA files under any circumstances, the MMPC researcher says.
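
A triage check for the pattern described above (an image header sitting under an .HTA extension, or script and executable markers inside image data), as an added example that is not MMPC's detection logic or code from the original article. The function names, heuristics and sample bytes are assumptions constructed for illustration.

```python
import re

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
BMP_MAGIC = b"BM"
# Markup that has no business inside pixel data.
SCRIPT_RE = re.compile(rb"<\s*(script|hta:application)\b", re.IGNORECASE)
# Text carried in the DOS stub of most Windows PE executables.
DOS_STUB = b"This program cannot be run in DOS mode"


def image_kind(data):
    """Return 'png', 'bmp' or None based on the leading magic bytes."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(BMP_MAGIC):
        return "bmp"
    return None


def inspect_file(name, data):
    """Return a list of findings for a file `name` with contents `data`."""
    findings = []
    kind = image_kind(data)
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    if ext == "hta" and kind:
        findings.append(f"{kind} header under .hta extension")
    if kind and SCRIPT_RE.search(data):
        findings.append("script markup inside image data")
    # Require both the MZ signature (past the image magic) and the stub text
    # to keep false positives on ordinary pixel data low.
    if kind and data.find(b"MZ", 2) != -1 and DOS_STUB in data:
        findings.append("embedded PE executable marker")
    return findings


# Constructed samples (inert placeholders, not taken from the real campaign).
CLEAN_BMP = BMP_MAGIC + bytes(52) + bytes(range(256))
SUSPECT = (BMP_MAGIC + bytes(52) + b"<script>/* placeholder */</script>"
           + b"MZ" + bytes(76) + DOS_STUB)

if __name__ == "__main__":
    for name, data in [("photo.bmp", CLEAN_BMP), ("photo.hta", SUSPECT)]:
        print(name, inspect_file(name, data) or "no findings")
```

A finding here is a reason to quarantine and examine the file, not a verdict; legitimate images can carry text metadata, so the markers are only a first-pass filter.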

