ZeuS baddies copy Conficker tactics Variants of the infamous ZeuS cybercrime toolkit have begun using the tactics of the infamous Conficker worm in a bid to get ahead of security defences. The so-called Licat worm, which is "strongly linked" to ZeuS, represents a likely attempt to reinforce botnets following recent arrests of suspected bank fraud money mules, as …
I suppose there are now people around who've never seen a file infector before, it being a somewhat old timey type of attack. For executable files, .exe and .dll it the proverbial unit of wee wee, you just stick your code in there somewhere where it will get executed. There is a whole spectrum of sophistication of course, depending on weather you care if the infected executables will do what they did before you messed with them, but it's really not that difficult if you know your way around a PE file. This is by way of being almost the oldest trick in the book.
As for the HTML, think of it as a kind of offline XSS. If I can alter an HTML file on disk, I can insert code that will bugger off into the the intar webs and pull any old shite in. Which could include - as you say - a pwning iframe or other web based vuln de jour.
A bit like the outlook email virii that were popular in the mid 90s. Christ, I can't believe I'm getting nostalgic for security threats. Must be time to start drinking.
Lots of s00per s3Kr3t inph0s at :
http://blog.trendmicro.com/file-infector-uses-domain-generation-technique-like-downadconficker/
I remember the days of boot sector/file infections fondly. Word macros and CIH made me shat bricks. I'm just surprised they're infecting .exe and .dll as I figured most programs would have safeguards preventing piracy that would prevent a program from working properly. I know most of my customers would immediately be on the phone if they're favorite account/word processor/time waster wasn't working because they got some virus off the interbutts.
.HTML files seems more plausible because as long as you don't make anything visible, not many people would notice what's happened.
I think the Conficker guys should copy ZeuS and get some hot Russkie Jailbait on side. There's just not enough glamour in the organised cyber-crime world these days.
"Kristina Svechinskaya, 21, has been dubbed the ‘world’s sexiest computer hacker’ after being charged with being part of a gang aiming to steal $220million (£139million).
In leather boots and skin-tight jeans, she wept during her court appearance. Today, she is due in court again, charged with conspiracy to commit bank fraud and false use of passports."
http://www.dailymail.co.uk/news/article-1320184/Worlds-sexiest-hacker-appears-court-charged-35m-scam.html
I'd say "you couldn't make it up", but I've seen fan fic of it, so that would be wrong.
Paris. D'uh!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
