Nothing but social engineering

Oct 2, 2007 17:54 GMT

Free pornographic movies and nude images of Hollywood stars such as Angelina Jolie and Halle Berry fail to deliver on both the promise of a free ride and that of sexually explicit content. The fact of the matter is that the content adjacent to such promises is as far as possible from sexual and explicit. Pornography, from soft to hardcore, has long been a vehicle for delivering malicious code and infecting Windows users with malware. This is because porn is an inherent part of social engineering schemes designed to provide sufficient incentive for users to infect their own machines. The way the Pushdo Trojan is spread via mass spamming is an eloquent example of why pornographic content can be a veritable Windows nightmare.

"The Pushdo Trojan has been spammed out every Wednesday since March 2007 using a variety of enticing disguises, but lately, the cybercriminals have stepped up a gear and begun to spam innocent computer users at any time and on any day of the week," said Carole Theriault, senior security consultant at Sophos. "The trick of tempting users with scantily clad pictures of hot-looking girls is as old as the hills - but people still fall for it. This outbreak underlines that hackers have not turned their backs on using email as a vector for attack. It's essential that companies and individuals alike protect their gateways and inboxes with a secure defense, and think before they open unsolicited emails."

However, this is but one of the ways to spread malicious code. Getting users to open an archive that is sent as an email attachment and contains the malware, thereby catalyzing the infection, is but one facet of social engineering schemes involving porn. The other also targets Windows users by default, but this time via the Internet Explorer browser. Free porn movies are used as the lure, as exemplified by both Sophos and Symantec. In the majority of cases, users are encouraged to install code masquerading as a codec or as an ActiveX control in order to access the videos. Of course, such an install only leads to an all-out compromise of the Windows operating system.