The Same River.

Coding Horror: A Question of Programming Ethics

Brilliant!!

Coding Horror: A Question of Programming Ethics

Storm Enters Age of Empire

After just over a year, Storm has become an intractable part of the Internet environment. Over Valentine’s Day it accounted for up to 5% of all Internet traffic, coming to life after months of relative idleness. Read more in this accessible article:

Storm botnet takes advantage of Valentine’s Day

Son of Storm?

Dark Reading—CMP Technology’s offering for the occasional suit who thinks about security issues—runs down the three biggest bot-nets currently out there. Not a lot of technical analysis going on but interesting in a big picture sort of way. I’m still amazed that Rbot is still alive and kicking to the degree it is.

Public Service Announcement

I was a bit intrigued by a certain referrer in my log file who has been drifting at the bottom for the past week+ but suddenly shot up into the top 5 yesterday. The link ostensibly goes to http://tvsetmp3.com/ but gets redirected to http://ismymovies.com/. The page is constructed to look like it throws a system dialog box—if one were running XP in the default blue theme.

The dialog box asks you to download a codec to view the movie. The image is dressed up like a dialog box, even going so far as to enable you to drag it around. The ultimate clue is that you cannot drag it outside the browser window’s boundaries. Clicking the “Cancel” area on the image map throws a JavaScript dialog asking you to click “OK” to download the exe file. Clicking “Cancel” here throws another dialog that insists you click “OK” to download the exe file. Clicking “OK” brings you back to the previous “Click OK to download the codec” pop-up.

Clever. I never did go so far as to try to view the embedded Flash Video file underneath. I mean, it’s likely that there has to be a video file to cover the social engineering that just occurred if they did manage to get the fake codec installed on your machine. Still, they steer really hard to get you to the place where you download that putative codec.

Like I said. Clever. The social engineering continues to get better.

New Storm Variant

Storm takes on a new guise aimed at the paranoid set. This stuff is just incredibly genius…
Private Detective Scare is Storm Trojan

The Coming Storm

I’ve been following the ever-increasing Storm Worm phenomenon since its arrival almost a year ago. I was originally impressed by the relative polish of its social engineering aspects. It has always seemed to me that all manner of phishing, social engineering, and general spam vectors have had some very obvious clues. It’s like the individual crafting the vector was dropping these signs as warnings to their clued-in brethren—as if it were all a practical joke on the n00bs.