The latest version of the worm can “speak” a total of 21 languages

May 16, 2014 13:26 GMT

Security researchers have come across a new variant of the worm known as VOBFUS. The latest version can “speak” 21 different languages.

Similar to older versions, WORM_VOBFUS.JDN spreads by copying itself to removable drives as executable files. However, unlike previous variants, the latest VOBFUS names the files depending on the operating system language of the targeted computer.

Users who speak English will see files named something like “I love you.exe,” “Naked.exe,” “Password.exe,” “Sexy.exe,” and “Webcam.exe.”

If the operating system is set to another language, these names are translated. The worm is designed to target speakers of the following languages: English, Indonesian, Arabic, Chinese, Bosnian, Czech, Croatian, German, French, Hungarian, Korean, Italian, Polish, Persian, Romanian, Portuguese, Thai, Spanish, Slovak, Vietnamese and Turkish.

“Infection by way of ‘localized’ threats could be seen as one way for cybercriminals to transform unsuspecting users into victims,” explained Mark Joseph Manahan, a threat response engineer at Trend Micro.

“Seeing a file or a notification written in their language might pique users’ interest more than seeing one written in English. Users may also find a false sense of security in these ‘localized’ files and notifications as they might view these as less suspicious than other files.”

Such tactics are usually utilized for police and file-encrypting ransomware, but obviously they’re effective for other types of malware as well.