Hacker Leaves Message for Microsoft in Trojan Code

January 12, 2009 – 6:01 PM

Here’s a new way to get Microsoft to pay attention to you: Slip a brief message into the malicious Trojan horse program you just wrote.

That’s what an unnamed Russian hacker did recently with a variation of Win32/Zlob, a Trojan program victims are being tricked into installing on their computers.

The message is surprisingly cordial, given that Microsoft’s security researchers spend their days trying to put people like Zlob’s author out of business. “Just want to say ‘Hello’ from Russia. You are really good guys. It was a surprise for me that Microsoft can respond on threats so fast,” the hacker wrote, adding, “Happy New Year, guys, and good luck!”

Zlob is one of the most common types of Trojan programs used to attack Windows these days. In a typical Zlob scam, the victim is sent a link to what looks like an interesting video. When the link is clicked, the user is told to install a multimedia codec file in order to watch the video. That file is actually malicious software.

It’s not clear whether the author of this message is the creator of Zlob, according to Joe Stewart, a researcher with SecureWorks. That’s because “Zlob is one of those things that gets mislabeled by AV companies a lot,” he said via e-mail. “Basically any time they see malware being spread by ‘you need this video codec…’ messages in multimedia files, it gets the Zlob label.”


You must be logged in to post a comment.