August 26th, 2008
Feel like taunting an identity thief? Don’t.
The next time you get the urge to enter angry messages to phishers on fake (malicious) Web sites, stop and consider this discovery by researcher Joe Stewart.
The identity thieves behind the Asprox botnet have built extra logic into phishing sites to detect taunts and subject those computer users to drive-by malware exploits.
“If you are running Windows and haven’t recently installed your security updates and patched all your browser plugins/ActiveX controls, you might find yourself infected with your very own copy of Asprox,” Stewart warns.
Not only do you then get the opportunity to unknowingly send phishing emails on behalf of the botnet, you will likely get some extra goodies, since Asprox is also a downloader trojan. You won’t notice it running, but you might notice some of the things it downloads and installs.
For instance, you might find your desktop wallpaper changed to a “spyware alert” type of message, and now all your screen saver shows is scary blue-screens-of-death.
[ SEE: Adobe Flash ads launching clipboard hijack attack ]
Stewart posts screen shots with evidence that the Asprox botnet operators are linked to the attackers behind the rogue security software (scareware) attacks.
And at any time, Asprox might deliver another malicious payload and install it for you - and it could be much worse: we’ve seen the Zbot banking trojan installed by Asprox in the past. So instead of a dealing with a nuisance program, you might be silently sending your banking and credit card information to the botnet owners. Something to think about before venting your frustrations on the bad guys. Sometimes phish bite back.
* Image source: David Locke’s Flickr photostream (Creative Commons 2.0)
For daily updates on Ryan's activities, follow him on Twitter.
