
Like masochism? Run a PC? These VXers want to help you pwn yourself

You’re a winner! Just ignore those pesky warnings, dude

Masochistic Windows users have been given a helping hand from hackers, in the form of step-by-step instructions on how to get their PCs infected with malware.

A recent malware-slinging banking trojan campaign targeting Germany last week comes with explicit instructions for the recipients describing how to get their computers infected, anti-virus firm Avira reports.

The directions come as a zipped text file bundled with the Trojan downloader, which hides on the recipient’s computer behind the standard icon for an Excel file. If the downloader does not open automatically or is stopped by the recipient’s antivirus software, the readme.txt gives detailed directions on how to execute the malware by hand.

The infected file is called “Gewinner Quittung” or “winner receipt”. It’s something less than plausible, and anybody who opens it is either unusually credulous or deliberately trying to get pwned. Perhaps they don’t want to be left out.

But what if they get stopped by built-in security defences while installing the nasty? The hackers behind the threat are there to offer a helping hand.

Prospective marks are told to just click and agree to everything. More precisely, recipients are advised to double-click on the extracted file and, from there, click “Agree” and then “Run”. Windows 10 comes with increased defences against this sort of malarkey. However, the hackers are there to offer top tips to self-harmers.

Don't do this!

For PCs with Windows 8 or the newer 10, self-harming PC users are told to click on “More Information” -> “Download anyway” at the standard SmartScreen warning.

Recipients are further told by the hackers to disable or turn off their antivirus or firewall. If there are problems, the instructions continue, add the malware file to the exceptions list and try again. Or, you can temporarily turn off your anti-virus or firewall until the file has been downloaded, punters are advised.
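From the defender's side, the lure described above has two telltales a mail gateway or sandbox can check before a user ever sees a SmartScreen prompt: an executable inside the archive that is dressed up as a document, and an accompanying text file whose whole purpose is to talk the reader into adding exceptions or switching off antivirus and firewall. The script below is an added illustration, not Avira's tooling or anything from the campaign itself; it builds a constructed archive in memory (the ".xls.exe" filename and the German readme text are invented for the example, since the article only says the downloader wore an Excel icon), then scores it on exactly those two telltales.

```python
import io
import re
import zipfile

# Constructed sample lure, modelled on the article's description (not the real campaign files):
# a downloader named like an Excel receipt plus a readme telling the victim how to get past
# SmartScreen and the antivirus. The text below is invented for this example.
README_TEXT = """Gewinner Quittung
1. Doppelklick auf die Datei.
2. Bei der SmartScreen-Warnung auf "Weitere Informationen" -> "Trotzdem ausfuehren" klicken.
3. Antivirus oder Firewall voruebergehend deaktivieren oder die Datei zu den Ausnahmen hinzufuegen.
"""

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".hta"}
DOCUMENT_EXTENSIONS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".txt"}

# Phrases (German and English) typical of "disable your protection" instructions.
# Illustrative patterns chosen for this example, not a vendor signature set.
AV_BYPASS_PATTERNS = [
    re.compile(r"(deaktivier|abschalt|ausschalt|disable|turn off)\w*.{0,40}(antivirus|anti-virus|virenscanner|firewall)", re.I | re.S),
    re.compile(r"(antivirus|anti-virus|virenscanner|firewall).{0,40}(deaktivier|abschalt|ausschalt|disable|turn off)", re.I | re.S),
    re.compile(r"ausnahme|exception", re.I),
    re.compile(r"trotzdem ausf|download anyway|run anyway|smartscreen", re.I),
]


def build_sample_archive() -> bytes:
    """Build the constructed lure archive in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Stub carrying only the PE magic number; it is not a real program.
        zf.writestr("Gewinner Quittung.xls.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", README_TEXT.encode("utf-8"))
    return buf.getvalue()


def analyse_archive(data: bytes) -> dict:
    """Collect the two telltales: disguised executables and AV-bypass instructions."""
    findings = {"executables": [], "masquerading": [], "bypass_instructions": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            parts = base.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            with zf.open(info) as fh:
                magic = fh.read(2)
            if ext in EXEC_EXTENSIONS:
                findings["executables"].append(info.filename)
                # "Quittung.xls.exe": a document extension parked in front of the real one
                if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
                    findings["masquerading"].append(info.filename)
            elif ext in DOCUMENT_EXTENSIONS and magic == b"MZ":
                # Document extension but a PE header: content does not match the name
                findings["executables"].append(info.filename)
                findings["masquerading"].append(info.filename)
            if ext == ".txt" and magic != b"MZ":
                text = zf.read(info).decode("utf-8", errors="replace")
                hits = sum(1 for p in AV_BYPASS_PATTERNS if p.search(text))
                if hits:
                    findings["bypass_instructions"].append((info.filename, hits))
    return findings


def verdict(findings: dict) -> str:
    """Map the findings to a gateway action; thresholds are this example's own choice."""
    if findings["executables"] and findings["bypass_instructions"]:
        return "block"
    if findings["masquerading"] or findings["bypass_instructions"]:
        return "quarantine"
    if findings["executables"]:
        return "review"
    return "allow"


if __name__ == "__main__":
    result = analyse_archive(build_sample_archive())
    print(result, verdict(result))
```

The combination is what matters: a lone executable in a zip is routine enough to merit only a review, and a readme that mentions exceptions could be a legitimate installer note, but an executable travelling with text that coaches the reader through SmartScreen and AV exceptions is the exact shape of this campaign and is worth blocking outright.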

The installed malware was a banking trojan that steals credentials and financial information. However, the precise link to new variants can be changed by the cybercriminals at short notice, perhaps to something more damaging such as ransomware.

“They really want to be sure that the user ‘properly’ gets infected,” explained Oscar Anduiza, a malware analyst at Avira. “These directions are pretty much exactly 180 degrees off from what computer users should actually do.”

In addition, the malware features an official-looking certificate — ostensibly issued by COMODO.

“This gives the cybercriminals a second chance at a successful installation, especially after the AV has blocked the initial attempt. This is an interesting social engineering trick, especially as the downloader and malware are not especially sophisticated,” Anduiza added. ®
