International soccer celebrity David Beckham has joined the likes of the”naked wife,” Britney Spears and tennis beauty Anna Kournikova as the basisof a computer virus ploy that entices users with explicit pictures.
Instead of viewing pictures, users who click on an e-mailed link promisingthe pictures of Beckham — supposedly caught in flagrante delicto with a prostitute — have their machines taken over andturned into what is known as a “zombie,” a compromised computer.
The code is more specifically a Trojan horse, a new variant of Hackarmy,and while it has not spread as much as a major worm such as Nimda orSlammer, the Trojan is using one of the oldest tricks in the book andsucceeding, which troubles some security experts.
“Unfortunately, it probably speaks to the fact that the educationhappening out there is not as effective as a lot of us would hope,” Sophossenior security analyst Gregg Mastoras told TechNewsWorld.
“People don’tthink about who it’s coming from,” he added, referring to users’ trust thatthe link in fact leads to images.
The Trojan’s spread is also troubling in light of a recent JPEG picturefile flaw in Windows, which has been the basis for limited attacks, but notyet a worm, despite predictions of one.
Sophos indicated that distribution of the new Trojan horse had come “amidcontinuing rumors in the tabloid press about the state of the Beckham’smarriage.”
In an e-mail message, the text indicates Beckham “was caught byphotographers with his pants down…photographed with a Spanish hooker in arather compromising position. Photos yet to hit the newspapers have beenreleased here.”
Sophos said the message points to a Web site where a file purportedlycontaining the photographs can be downloaded. “In reality, the file containsa Trojan horse which can allow hackers to gain remote control of an innocentcomputer,” the security firm said in a report.
Social Engineering Gets Serious
Ken Dunham, iDefense’s director of malicious code intelligence, toldTechNewsWorld that the Hackarmy Trojan horse has been widespread in the last yearand has been promoted using claims of terrorism killings, popular names andpornographic material in user groups, where the links are typically posted.
“There’s just been a huge wave of that type of information this lastyear,” Dunham said.
Dunham said that although it is an old trick — known as socialengineering — to use pictures to entice victims, users shouldknow to be cautious of clicking on links. However, there are also a lot more people, many of themnewcomers, on the Internet, Dunham said.
“It’s a natural problem with the growth of the Internet,” Dunham said.”As it gets easier and more widespread, there will be new users and thereare going to be computers that are targeted on that basis.”
JPEG of Death Becomes Real
The Beckham Trojan also comes when Windows computer users have been warnedabout the danger of pictures because of a critical JPEG handlingvulnerability in Microsoft’s operating system.
While security experts agreed the exploits on the JPEG weakness had beenlimited, Sophos’ Mastoras said the picture-paved avenue of attack was something thathad previously only been imagined and was in fact the basis of a decade-oldhoax known as “the JPEG of death.”
“For us, what’s interesting is that five or so years ago, no one couldconceive of a virus in a JPEG,” Mastoras said. “People don’t think of animage as being able to contain a virus.”
Likening the JPEG hole to other previously doubted concerns such asviruses on mobile phones, Mastoras said the issues were a reflection of theincreased rate that viruses are appearing and their increased sophistication.
“These things pop up, and they’re real,” Mastoras said. “People need tobe always on guard.”