Hacker leaves message for Microsoft in Trojan code
Here's a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.
That's what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.
The message is surprisingly cordial, given that Microsoft's security researchers spend their days trying to put people like Zlob's author out of business. "Just want to say 'Hello' from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast," the hacker wrote, adding, "Happy New Year, guys, and good luck!"
Zlob is one of the most common types of Trojan programs used to attack Windows these days. In a typical Zlob scam, the victim is sent a link to what looks like an interesting video. When the link is clicked, the user is told to install a multimedia codec file in order to watch the video. That file is actually malicious software.
It's not clear whether the author of this message is the creator of Zlob, according to Joe Stewart, a researcher with SecureWorks. That's because "Zlob is one of those things that gets mislabeled by AV companies a lot," he said via e-mail. "Basically any time they see malware being spread by 'you need this video codec...' messages in multimedia files, it gets the Zlob label."
This isn't the first time this particular hacker has sent a note to Microsoft's security group. Last October he wrote a slightly creepy message, saying, "I want to see your eyes the man from Windows Defender's team."
Unlike the October message, this latest note wasn't caught by Microsoft. It was found Friday by a French security researcher using the hacker handle S!Ri.
According to this latest message, it may be the Zlob hacker's last note to Microsoft. "We are closing soon," he wrote. "So, you will not see some of my great ;) ideas in that family of software."
"It warms my heart that they're 'closing soon,'" wrote Microsoft spokesman Tareq Saade in a blog post Friday.
All things considered, hiding messages in source code may not be the most effective way of reaching the Windows Defender team. "Considering the enormous amount of malware we go through every day, it can be difficult to track follow up samples like this," Saade wrote.
The hacker also claimed that Microsoft had once offered him a job to help improve Windows Vista's security. Microsoft hired a large number of outside security consultants to test Vista's code before it was released in late 2006. "It's not interesting for me," the hacker concluded. "Just a life's irony."
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
microsoft
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Type of bugs that can damage and ruin my computer.
If you are like me and tired many different scans in the past looking for something that will protect and clean your computer, give Search-and-destroy Antispyware a try. I found that the antispyware solution from Search-and-destroy (http://www.Search-and-destroy.com) is an excellent choice. It’s less expensive than many of the other scans I’ve tired but it finds the same type of bugs that can damage and ruin my computer. I am so happy with this scanner that I want to tell everyone about it so you can give it a try to. I’m sure you will love it.