“Will the world end?”, Sudoku docs laced with macro malware

Liam Tung (CSO Online) — 21 December, 2012 08:55

A gang has laced a PowerPoint presentation about the end of the world with malware, preying on widespread interest in the Mayan prediction it will happen tomorrow.

Researchers at security vendor Sophos this week discovered a malware-rigged version of a presentation by a US preacher titled “Will the world end in 2012?”. While the contents of the document were the preacher’s words, the rigged version attempts to infect readers with what appears to be semi-formed malware.

The document by the preacher answers the question with a series of failed doomsday predictions, including a reference to Nostradamus’ claim that the end would come in 2000, which the author associated with the computer “chaos” that was expected to be caused by the so-called Y2K bug.

The malware version of the presentation contains a macro -- a sequence of instructions embedded in the document -- that writes out an executable Visual Basic script file, which in turn is designed to download another executable, Wmupdate.exe.

The malware appeared to be “automatically generated” and, in Sophos’ tests, did not actually download the second component, suggesting it was not properly developed.

Nonetheless, Sophos says the methods were very similar to another piece of malware attached to an Excel file that is a generator and solver for the popular number placement puzzle, Sudoku. The malware samples were “functionally identical”, its researchers said.

The Sudoku malware, however, had an edge over the doomsday malware. Both samples rely on Visual Basic macros to create the malware, but the Sudoku example attempts to trick potential victims into enabling the malware-generating macro with the lure that doing so will allow them to generate Sudoku puzzles.
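The two samples described above share one mechanism: an auto-running Office macro that writes a Visual Basic script to disk and launches it, with a lure (or nothing at all) to get the user to enable macros. As an added example that is not Sophos’ tooling or anything from the article, the Python below scores extracted VBA source against a small set of indicators for exactly that pattern. The two macro snippets are constructed for illustration (the downloader body is deliberately omitted), and the indicator weights and thresholds are assumptions chosen for the demonstration, not a published scoring scheme.

```python
"""Heuristic triage of VBA macro source pulled from an Office document.

Added example: assumes the macro text has already been extracted from the
file by a separate VBA extraction tool; the samples below are constructed.
"""
import re
from typing import Dict, List, Pattern, Tuple

# (indicator name, pattern, weight). Weights are an illustrative assumption.
INDICATORS: List[Tuple[str, Pattern[str], int]] = [
    # Procedures Office runs automatically when the document opens.
    ("auto_exec", re.compile(r"\bSub\s+(AutoOpen|Auto_Open|Document_Open|Workbook_Open)\b", re.I), 2),
    # Scripting host object commonly used by macros to touch the filesystem.
    ("filesystem_object", re.compile(r'CreateObject\s*\(\s*"Scripting\.FileSystemObject"', re.I), 2),
    # Writing a .vbs file to disk: the "macro creates a Visual Basic file" step.
    ("writes_script", re.compile(r"CreateTextFile\s*\(.*\.vbs", re.I), 3),
    # Launching something outside the Office process.
    ("shell_exec", re.compile(r"\b(Shell|WScript\.Shell)\b", re.I), 2),
    # APIs typically used to fetch a second-stage payload.
    ("download_api", re.compile(r"URLDownloadToFile|MSXML2\.XMLHTTP|WinHttp\.WinHttpRequest", re.I), 3),
    # Any reference to an .exe, e.g. a dropped or fetched second stage.
    ("exe_reference", re.compile(r"\w+\.exe\b", re.I), 1),
]


def triage_macro(vba_source: str) -> Dict[str, object]:
    """Return the indicators hit, a summed score and a coarse verdict."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(vba_source)]
    score = sum(weight for name, _, weight in INDICATORS if name in hits)
    if score >= 6:
        verdict = "likely-dropper"   # auto-run + writes/executes something
    elif score >= 3:
        verdict = "suspicious"       # worth a human look
    else:
        verdict = "benign"
    return {"hits": hits, "score": score, "verdict": verdict}


# Constructed sample shaped like the doomsday/Sudoku droppers in the article:
# auto-runs, writes a .vbs, launches it. The script body is omitted on purpose.
SAMPLE_DROPPER = r'''
Sub AutoOpen()
    ' constructed sample: runs when the document is opened with macros enabled
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set f = fso.CreateTextFile("C:\Temp\upd.vbs", True)
    f.WriteLine "' downloader body omitted from this example"
    f.Close
    Shell "wscript.exe C:\Temp\upd.vbs", vbHide
End Sub
'''

# Constructed sample of what a genuine Sudoku-generator macro might look like:
# it only touches worksheet cells and uses no scripting or shell objects.
SAMPLE_SUDOKU = r'''
Sub GeneratePuzzle()
    ' constructed sample: fills a 9x9 grid with a valid base pattern
    Dim r As Integer, c As Integer
    For r = 1 To 9
        For c = 1 To 9
            Cells(r, c).Value = ((r * 3 + r \ 3 + c) Mod 9) + 1
        Next c
    Next r
End Sub
'''


if __name__ == "__main__":
    for label, src in (("dropper", SAMPLE_DROPPER), ("sudoku", SAMPLE_SUDOKU)):
        result = triage_macro(src)
        print(f"{label}: {result['verdict']} (score {result['score']}) hits={result['hits']}")
```

The point of scoring rather than matching a single string is the one the article makes: the Sudoku document really does need a macro to generate puzzles, so “contains a macro” is not a useful signal on its own. What separates the dropper from a legitimate generator is the combination of an auto-execute entry point, a file written to disk and an external process launched, and the scoring rewards that combination while leaving a worksheet-only macro at zero.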

Sophos notes that macros were a popular tool for cybercriminals back in the 1990s until Microsoft turned the capability off by default to counter its misuse.

“It sounds perfectly reasonable, doesn't it? Generating Sudoku puzzles requires a program; to run the program requires macros,” said a Sophos representative.

The Sudoku malware sends a list of programs and services running on the victim’s PC, the PC’s location and details about the hardware, operating system and patches.

Tags: Mayan prediction, NakedSecurity, security, Microsoft, Y2K bug, Sudoku, cybercrime, malware, sophos
