Perfect bait

The article "Modern Internet attacks" is provided by Sophos Plc and SophosLabs.

August 2007

Using vulnerabilities is the ideal mechanism for running malicious code. Still, social engineering continues to be a reliable tool for malware creators widely used in the email attacks [25]. The modern increase in channel capacity and improvements in client technologies raised the need for full-featured browser-based content. The users assume that the page must contain a built-in sound, animation or video. This makes it easier for the malware creators and allows them to use social engineering in the Internet more effectively.

The Zlob troyan family [26] for Windows is a good example of using pornography as a bait. The installation mechanism involves visiting different sites with pornographic content. When the user tries to access certain content (usually an attractive porn video) they get an error message similar to the one shown in Figure 1. 5. Clicking the link to install the missing video codec, the user actually loads a fake installation package from another site created for the attack. Running the package installs malicious Zlob components. The client's computer is infected.

Fig. 5. An example of a fraudulent site with which Zlob attracts users and runs the fake installation package.

Later Zlob versions use a similar social engineering mechanism, but together with a simple error message it plays sound from the porn video — apparently to encourage those who find it difficult to install missing codec.