"There can be only one." . . . There's nothing stranger than the truth and while the story behind a vicious new bot is a bit humorous, the malware most assuredly is not. The bot creators may have maliciously crafted the bot with a hat tip to the movie Highlander as this is "one bot to dominate them all."
Most everyone shops online, but not all couples shop online together, so the security headline "Bot shopping with my wife" snagged my attention. Luis Corrons, technical director at PandaLabs, related a tale in which he walked away with lessons learned, including, "Your wife is always right, and in case she tells you something you don't have to ask about it anymore."
A new bot, Ainslot.L, is designed to steal everything. PandaSecurity reported, "This malware is designed to log user activities, download additional malware and take control of the system. Additionally, it acts as a banker Trojan, stealing log-in information related to banks. It also scans the computer looking for and removing other bots so that it becomes the only bot on the system."
Corrons' wife told him that she received a purchase confirmation email for clothing that she had not bought at the UK clothing company CULT. At first he blew it off as he thought, "How can she even remember what she bought? She buys thousands of clothes online, probably she doesn't remember it, this wouldn't be the first time."
Ah but she persisted, so after the 1,000th time she insisted she hadn't bought anything from that store, Corrons looked at what seemed to be a legit message. When he asked her one more time if she was sure she hadn't made a purchase, Corrons said, "She looked at me in a way that only your better half can do, and at that moment I understood that my life was in risk if I dare to ask again."
Often in phishing emails, English is not the social engineer's native language . . . but such is not the case for the cybercrooks behind the fake CULT order confirmation. This phishing email is elaborate and believable. If you click the URL to view the order, as many people might do precisely because they didn't make any such purchase, you are directed to download what appears to be a PDF copy of the purchase, complete with an Acrobat icon. However, the file is actually a Windows executable (EXE) which creates a registry entry under the name "Windows Defender" so it looks legit. It will be executed each time the computer boots, and the changed values in the registry allow it to bypass the firewall.
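A defender's check for the persistence trick described above, written as an added example (not code from the article or from PandaLabs): it audits the common Run/RunOnce autorun keys and flags entries that borrow a trusted name such as "Windows Defender" but launch a binary from outside the usual Microsoft directories, or whose filename is a document-looking double extension. The article does not name the exact registry key Ainslot.L wrote, so the key list and the name patterns are assumptions.

```powershell
# Added example, not the article's or PandaLabs' own tooling.
# Assumption: persistence lives in the standard Run/RunOnce keys; adjust as needed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories from which a genuine Microsoft security component would normally run.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ }

function Test-TrustedPath {
    param([string]$Path)
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $name = $prop.Name
        $cmd  = [string]$prop.Value
        # Pull the executable out of the command line: quoted path or first token.
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
        $exe = [System.Environment]::ExpandEnvironmentVariables($exe)

        $reasons = @()
        # Trusted-sounding display name, but the image path is not a Microsoft location.
        if ($name -match 'windows defender|defender|antivirus|security' -and -not (Test-TrustedPath $exe)) {
            $reasons += 'trusted-sounding name launching from an untrusted path'
        }
        # "invoice.pdf.exe"-style lure: looks like a document, runs as a program.
        if ($exe -match '\.(pdf|doc|docx|xls|xlsx)\.(exe|scr|com|pif)$') {
            $reasons += 'document-looking double extension'
        }
        if ($reasons.Count -gt 0) {
            [PSCustomObject]@{ Key = $key; Name = $name; Command = $cmd; Reason = ($reasons -join '; ') }
        }
    }
}
```

Run it in an elevated PowerShell session so the HKLM keys are readable; any row it emits is a candidate for closer inspection, not proof of infection on its own.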
Corrons wrote, "Once you have done it... bad news, this is a nasty Trojan with bot capabilities. It is designed to steal all kind of personal information: from Bank of America customers to players using the game platform Steam. And it will log everything you do in your computer, so the next time you go to Facebook, Gmail, etc. your passwords will be sent to the cybercriminals."
It doesn't stop there, as Ainslot.L searches for "other Trojans" and bot competitors like "Zeus, DarkComet, etc" and then "removes other bots from infected systems. It eliminates all competition, leaving the computer at its mercy." The anti-malware laboratory of PandaLabs said it's like "in the film Highlander: 'In the end there can be only one'."
Stay alert, as this fake order-confirmation phishing campaign and the "Highlander" Ainslot.L bot will surely move beyond purporting to come from the CULT store.
As for the personal "bot shopping with my wife" lessons Corrons learned?
1. Your wife is always right, and in case she tells you something you don't have to ask about it anymore.
2. Remember everything you buy online to avoid being fooled.
Follow me on Twitter @PrivacyFanatic