Tuesday, September 26, 2006

"Small SMiSh, Big Pond"

From McAfee blog:

"Just last month we received our first live example of SMiShing. This month we've received evidence that the author of VBS/Eliles.A has taken umbrage at the AV industry's naming conventions. Specifically rule #1: We never name malware after the author's suggested or intended name. This is to discourage people from writing new malware in order to gain notoriety.


The Eliles author, let's call him Eli, is not taking this sitting down. One of our contacts in Asia sent us a sample of Eli's latest attempt at fame, VBS/Eliles.B. Eli left some parts of his worm intact.

Like his first try, VBS/Eliles.B also:
  • Hides Drives, disables Registry editing and generally makes removing it a pain.
  • Tries to disable your antivirus software
  • Sends itself via email to any address it can find
  • Attempts a SMiShing attack against customers of two mobile phone companies based in Spain

VBS/Eliles.B additionally:
  • Runs a script that types Eli's complaints on our naming and the occasional insult in the current window
  • Tries to disable your firewall software

VBS/Eliles.B really brings nothing new to the table. Aside from the SMiShing routines, Eli hasn't created anything new. All the other routines appear to have been created with various ready-made malware toolkits."

[...]

"VBS/Eliles.A & B are not large threats. The disturbing part is that while the SMiShing routines are targeted locally to a specific country in Europe, VBS/Eliles.B has made it to another country in Asia.

VBS scripts are distributed as plain text. Within 2 minutes, using a text editor, a malware author can cut and paste a few strings to generate a new SMiShing attack. Fortunately, Eli is not following the for-profit trend of his more skilled colleagues. Unfortunately, it looks like SMiShing source code is now available to more malware writers.

Today's minor threat can become a component of tomorrow's devastating attack."
