
Pirates of the Caribbean Trojan gets out

June 14, 2007

Posted by grhomeboy in Internet Safety.

PandaLabs has detected a wave of spam containing the Pirabbean.A trojan. This junk mail tries to attract users’ attention with references to the latest episode of the Pirates of the Caribbean saga. The email includes an image that looks like promotional material for the film and claims to contain a trailer. The message subject simply says: “Pirates of the Caribbean: At world’s end”.

The mail includes two links that supposedly point to trailers. However, if users click on them, they are really downloading Pirabbean.A.

“This is another example of social engineering in action. Malware creators try to entice users into infecting themselves. For this reason, users should always be cautious and not even open messages from unknown senders, no matter how tempted or curious they are,” advises Luis Corrons, technical director of PandaLabs.

When the trojan is run, it shows an error message. The message claims that there has been a problem playing the trailer because the computer does not have the necessary codec, and it advises users to visit the film’s official website.

“If after clicking on the link nothing happened, users would be suspicious. So in this way, the trojan hides its malicious action and prevents users from checking whether they are infected,” explains Corrons.

Pirabbean.A is also designed to download a dialer, detected by PandaLabs as Dialer.KGC. As with all dialers, it is designed to switch the dial-up Internet connection to a premium rate number.

The trojan also edits some Internet Explorer settings, adding two URLs to the Favorites. If users visit these pages, they will be infected with other dialers.

Panda Software’s intelligent TruPrevent Technologies have detected and blocked this trojan without having previously identified it, and users with these technologies installed have been protected from it from the moment it appeared.

All users who want to know whether their computers have been attacked by this or other malicious code can use TotalScan or NanoScan beta, the free online solutions available at: http://www.infectedornot.com.
