Computer News & Safety – Harry Waldron

October 28th, 2011:

OpFake.A – New Mobile attack disguised as Opera Mini Updater

A new mobile malware threat has surfaced that disguises itself as a legitimate software offering from Opera. It is important to carefully check the authenticity of any software apps installed.

F-Secure Trojan:SymbOS/OpFake.A
http://www.f-secure.com/weblog/archives/00002261.html

Here’s the technical analysis related to yesterday’s post on Trojan:SymbOS/OpFake.A.  OpFake.A arrives as a supposed Opera Mini updater using file names such as OperaUpdater.sisx and Update6.1.sisx. The malware installer adds an Opera icon to the application menu. When run, it will show a menu and a fake download progress bar. The malware also has a “license” which can be displayed. When the trojan is started, and before the victim advances through any of the menus, the trojan is already sending text messages to Russian premium rate numbers. The numbers and the content of the messages come from an encrypted configuration file (sms.xml).

The Symbian version of OpFake.A will also monitor SMS messages for the short while it is active and deletes incoming messages and messages moved to the sent messages folder based on the phone numbers and content of the messages. The code that handles the interception of incoming SMS messages is largely identical to that in Trojan:SymbOS/Spitmo.A. That part of OpFake.A clearly shares source code with Spitmo.A.

Malicious Spam uses fake Gadhafi Video

Please always be careful of email message links or attachments that may be used to infect your system.

Trend Labs – Video of Gadhafi’s Death Being Used for Spam
http://blog.trendmicro.com/video-of-gadhafis-death-being-used-for-spam/

QUOTE: We’ve been seeing a particular social engineering lure in spam runs in the past, where spammers leverage the death of a known celebrity or political figure. Recent examples of this include the death of Steve Jobs, and Amy Winehouse. In this spam run using Gadhafi’s death, however, a more compelling lure is being used to trick users into downloading malicious files.  We found several spammed messages that claim to lead to videos of Gadhafi’s death. It is important to note that videos of Gadhafi’s death do exist, and legitimate news sites like Reuters and The Washington Post tell of the graphic content in the video and even host the said videos on their websites. This existence of real videos of Gadhafi’s death relatively makes it a more compelling lure.