In Malware Schemes, Sex Still Selling

By Matthew Hines  |  Posted 2009-07-27

Paris Hilton and Pamela Anderson may not have the same celeb appeal that they had a few years ago when they routinely topped the charts as search engine fodder. However, at least in one regard, their legacy lives on in cyberspace.

As we've seen in a number of high-profile incidents in recent weeks, when it comes to advertising malware to end users, there's no question that sex remains one of the most popular and effective topics for use in spreading infections. At least we have to assume that it's still effective, but that seems like a logical conclusion since attackers keep on flogging the same model.

Beyond the seemingly endless array of multimedia codec download attacks that spam themselves around promising XXX files, social engineering using sex, as was perfected years ago via the use of campaigns centered on adult images of Ms. Hilton and Ms. Anderson, continues to emerge at every opportunity.

Whenever there's even the slightest hint of a celebrity sex tape scandal, attackers flock to the Web to begin creating threats based on the content - frequently doing so nearly as quickly as end users show up online seeking the involved files themselves.

For instance, when the unauthorized video of ESPN sideline reporter Erin Andrews first emerged last week, attackers were onboard almost immediately, trying to use everything from spam-based campaigns related to the footage to attempts to trick users into finding their infection sites via links posted on Andrews-related clips appearing on YouTube.

On another fairly cutting-edge front, attackers are attempting to create what may be the world's first mobile device botnet using a program named "SexyView" that's skillfully disguised as a legitimate mobile application designed to send adult materials to your handheld device.

Even with widespread awareness that a good portion of the freely available XXX content online comes with some form of badware onboard, it seems that attackers feel fairly confident that they can continue to ride the same old tactics to profit; otherwise they'd simply move on to something else, as we know.

So it comes as little surprise that nearly every day researchers seem to stumble over some form of new attack that somehow references sex.

Over the last several days, researchers at endpoint security specialist Sophos raised the red flag over the latest sex-driven malware sample that the company's systems have encountered in the wild.

Dubbed Troj/AdClick-FR, the attack is designed specifically to deactivate an end user's anti-virus protection, the company said. The involved program first appears as a file named "EroticPamela.mpg" that mimics the look and feel of a Windows media file. But of course the program is actually an executable file that drops malware onto the system of anyone who opens it.
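A defender-side check for the disguise described above, as an added example that is not from Sophos or the original article: it flags files whose name carries a media extension while the content parses as a Windows PE executable. The extension list, function names and sample bytes are assumptions constructed for illustration; only the file name "EroticPamela.mpg" comes from the article.

```python
import io
import os
import struct

# Extensions a user would expect to open in a media player (assumed list).
MEDIA_EXTENSIONS = {".mpg", ".mpeg", ".avi", ".wmv", ".mp4", ".mp3"}

def is_pe_image(stream) -> bool:
    """Return True if the stream holds a Windows PE executable."""
    stream.seek(0)
    dos_header = stream.read(0x40)
    if len(dos_header) < 0x40 or dos_header[:2] != b"MZ":
        return False
    # e_lfanew at offset 0x3C gives the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", dos_header, 0x3C)
    stream.seek(e_lfanew)
    return stream.read(4) == b"PE\x00\x00"

def is_disguised_executable(filename: str, stream) -> bool:
    """Media extension on the outside, PE image on the inside."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in MEDIA_EXTENSIONS and is_pe_image(stream)

def constructed_pe_stub() -> bytes:
    """Constructed sample: bare DOS header plus PE signature, not real malware."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"\x00" * 0x40 + b"PE\x00\x00" + b"\x00" * 20

# Constructed samples; contents are placeholders built for this example.
SAMPLES = {
    "EroticPamela.mpg": constructed_pe_stub(),          # name from the article
    "holiday.mpg": b"\x00\x00\x01\xba" + b"\x00" * 96,  # MPEG pack start code
    "setup.exe": constructed_pe_stub(),                 # honest executable
    "truncated.mpg": b"MZ",                             # too short to be a PE
}

def flag_samples(samples=SAMPLES):
    """Return the sorted names of samples that look like disguised executables."""
    return sorted(name for name, data in samples.items()
                  if is_disguised_executable(name, io.BytesIO(data)))

if __name__ == "__main__":
    print(flag_samples())
```

The same two functions work on real files by passing a handle opened in binary mode, which makes the check usable at a mail gateway or download directory scan.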

After the program takes hold, an affected user's anti-virus software stops running or terminates altogether, along with other security processes, Sophos researcher Chee Hui said in a blog post.

Specifically, the Trojan attempts to disrupt popular security products including Sygate Firewall, Norton AntiVirus Auto-Protect Service and ESET Smart Security, the researcher said.

Furthermore, the attack also tries to embed itself so that it runs automatically whenever an infected system is turned on, and it modifies users' Windows Explorer settings. The threat also attempts to change infected PCs' Windows System Properties page.

It's unclear if the "Pamela" referenced in the attack file is the aforementioned former Playboy bunny and Tommy Lee honeymoon video star.

Either way the aging starlet can take pride in the fact that, at least in the online domain, her inspiration lives on.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |
