November 18, 2006 will be a significant day for boxing enthusiasts everywhere, especially for Filipinos and Mexicans as this day marks the third time that their respective boxing champs, Manny Pacquiao and Erik Morales will face each other to show to the world who’s the best in the boxing ring. Just like any popular international event, this spectacle will be the focus of many product endorsements, advertising campaigns, media hypes and the like. Of course, just like the Miss World event that has been the topic in one of my blogs these past few days, this event can also be used by a malware in its social engineering ploys.
WORM_SILLYFDC.AO is a malware that targets Pacquiao and Morales fans. Although this worm does nothing at all aside from propagating through network shares, it does have a high potential for spreading since it poses as a text file in the affected system (Morales_vs_Pacquiao.txt…exe). The double extension is a dead giveaway that the file is not what it seems to be but loyal Pacquiao and Morales followers would click on the file anyway, possibly in the hope to read something interesting about the upcoming match. Once executed, the worm drops copies of itself in all possible removable storage media (yes, floppy disks included) and mapped network drives. It also creates a registry entry so that it will be executed upon system startup.
This is not something new. This worm may use a simple and unsophisticated technique in propagation but the way it takes advantage of a popular event in an effort to trick the user into opening it can give it a chance of wide-scale propagation. Fortunately, a solution is already in the works for this new threat. We’ll update you once a detection pattern has been deployed.