“OMG! Vuvuzela banned!” Tweets Infect Followers


By Andrew Brandt


Malware authors must have a soft spot in their hearts for the long-maligned South African vuvuzela, because once again, the most annoying noisemaker in World Cup history is driving people to Web sites that push infections down to their computers. This time, people are retweeting the malicious links attached to a message that reads “OMG! Vuvuzela banned!” along with the hashtags #worldcup and #vuvuzelabanned. At last check in Google, references to the malicious links number over 16,000.

The tweets use a variety of different link shortening services (including bit.ly, tinyurl.com, is.gd, and dr.tl) to mask the fact that their destination is actually a bogus image hosting website hosted on the .in top-level domain (supposedly used by Web sites registered in the country of India, but these sites are all hosted elsewhere). The Web site you eventually land on calls itself Image Sheep, while in the background, your PC is being herded into a botnet.

As an aside, there is a real image hosting service by the same name, but the real Image Sheep is registered elsewhere and hosted in an entirely different network than these fake Image Sheep clones.

Once the victim’s browser loads the fake Image Sheep page, it pushes a Java “image viewer” applet, named target.jar, down to the browser. It’s easy to pick apart the contents of this file, which contains additional Java applets and PHP scripts that push the malicious file (named IMG12523.jpg.exe) down to the victim’s computer. The file itself is a downloader component of an adversary we’ve seen before: Trojan-Backdoor-Protard (aka Gootkit), which retrieves additional malware and complex instructions.
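A defender can triage both artifacts described above without running anything: list what an applet archive carries and flag decoy-plus-executable file names such as IMG12523.jpg.exe. The following Python sketch is an added example, not code from the original post; the extension lists, function names and the sample archive's entries are assumptions constructed for illustration.

```python
import io
import zipfile

EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}    # run when double-clicked on Windows
DECOY = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "txt"}  # what the user thinks they received
UNEXPECTED_IN_APPLET = {"jar", "php", "exe", "dll"}         # assumption: a viewer applet needs none


def is_double_extension(name: str) -> bool:
    """True for names such as IMG12523.jpg.exe (decoy extension, then an executable one)."""
    # Windows ignores trailing dots and spaces, and padding can hide the real extension.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    parts = [p.strip() for p in base.split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY


def triage_jar(data: bytes) -> list[str]:
    """Return archive entries worth a closer look; nothing is extracted or executed."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            ext = info.filename.rsplit(".", 1)[-1].lower()
            if ext in UNEXPECTED_IN_APPLET or is_double_extension(info.filename):
                flagged.append(info.filename)
    return flagged


def build_sample_jar() -> bytes:
    """Constructed stand-in for an applet archive; entry names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Viewer.class", b"\xca\xfe\xba\xbe")
        jar.writestr("inner/second.jar", b"PK")
        jar.writestr("gate.php", "<?php /* placeholder */ ?>")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_jar(build_sample_jar()))
    for n in ["IMG12523.jpg.exe", "holiday.jpg", "report.pdf   .scr", "setup.exe"]:
        print(n, is_double_extension(n))
```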


More World Cup Shenanigans: “Anti-Vuvuzela Filter”


By Andrew Brandt


Someone called my attention today to a Web site selling something called an Anti-Vuvuzela Filter that costs €2.95 to download. Only, it’s a complete fraud.

For the twelve other people in the world who haven’t been watching the World Cup matches in South Africa, the Vuvuzela is a South African horn that makes an obnoxious buzzing sound when played.

The noise is said to be so irritating that fans have been watching the matches on television with the sound muted so they don’t have to hear the incessant wasp-like drone of Vuvuzela-toting fans inside the stadium.

If you haven’t experienced the full effect of the vuvuzela, consider yourself lucky. But if you’re wondering what all the fuss is about, you can make your best effort to read this blog in World Cup 2010 style. Just turn down your computer speakers or headphone volume first.

The site claims to be able to “get rid of the Vuvuzela noise through active noise cancellation” but all you get for your money is, apparently, a 45-minute-long .mp3 file.

Seriously. Call it a Rogue AV (anti-vuvuzela) of a variety we haven’t seen before.

I should hope that the readers of this blog would be aware that whatever these goofballs are selling, it ain’t anything remotely similar to the active noise cancellation it is being touted to be. In fact, others have come up with a passable, working solution using equalizers and bandpass audio filters. There’s even a free, automatic filtering application you can download. It seems like this audio file would sound a lot more like a 45-minute recording of snake oil slithering. Or the sound of 3 Euros sneaking out of your pocket. Don’t be a sucker: Just reduce the volume on your TV if the vuvuzelas get you down.