Security Watch | Matt Hines » Happy Halloween: Malware costumes trick or treat

October 30, 2007 | Comments: (0)

Happy Halloween: Malware costumes trick or treat

TAGS: Security

With Halloween lurking tomorrow evening, I'm sure that some of you, like me, are scratching your heads trying to come up with a fresh idea to impress all the peeps at your favorite annual costume bash.

It dawned on me some time ago that there are some great potential alternatives to choose from, costume-wise, when considering all the characters that make up the oddball world of IT security.

Considering this context, one can select from security-oriented outfits including hackers, crackers and cyber-criminals (try to look rich and indifferent), as well as trade show booth babes, shoddily-clad AV marketing execs, tech journalists (mandatory goatee, eyeglasses, and stomach paunch), VC-backed start-up CEOs (obligatory giant new watch) or even some of the types of people you run into at Black Hat and DefCon each year (wear a black T-shirt and try to look jaded at all times).

Of course, the hackneyed hacker world costume idea of the year (if your friends are just as geeky as you are, dear readers) might be to dress up like NBC "Dateline" Producer Michelle Madigan, wearing a blond wig and "hidden" microphone, and then run away as soon as anyone asks who you're supposed to be and pretend to call your bosses on your cell phone.

The same M.O. got Madigan a lot of attention at DefCon after all -- just don't expect to win any prizes or get much candy. Or to tape a sensationalistic undercover TV show.

My personal preference might be to dress up as an Eastern European hacker, as all it would involve is a rumpled Member's Only jacket, three days of beard growth and strikingly strong cigarette breath -- but as this outfit so closely resembles my personal appearance it probably misses the idea of changing one's feathers for the holiday occasion. Alas.

Anyway, the funny guys over at F-Secure have developed a list of popular malware schemes that try to hide their identities, and tabbed them with some costume-oriented themes.

They may not help you woo that attractive JavaScript coder dressed up like Yuna from "Final Fantasy" at your party tomorrow night, but hey, they're giving bloggers like me a chance to weave some colorful Halloween joy into this otherwise black-and-white world.

According to F-Secure, some of the best malware costumes over the past few years have been:

The Chameleon: Attacks like the Storm Worm that shift their colors on a seemingly endless basis. Today's e-mail porn is tomorrow's new YouTube video, or maybe it's a game or an e-card. The fun just never ends with this group. The treat is that you get to see a cruddy image or a broken Java game. The trick is you get to join a massive worldwide botnet. Good times.

The Bill Collector: Viruses like Haxdoor that claim to be related to online purchases or eBay transactions that never really happened. The treat is that the advertised e-commerce problem actually never occurred. The trick is that after you download the virus, your machine will get swamped with keyloggers and rootkits, and then it will really happen.

The Starlet: A time-honored favorite that made Anna Kournikova nearly as famous for her link to malware as she was made famous for her, um, tennis skills? You just can't help yourself, there aren't enough malware-free images of naked women on the Net for you. You… must… click… the… link. The treat is that you get to see some racy pic. The trick is that hackers get to see the inside of your bank account.

The Casanova: We all remember the LoveLetter e-mail, that romantic-themed attack that arrived as a plea from a long-lost lover for further explanation of your wandering ways. If you fall for this one, you probably don't deserve to have any money in your PayPal account because you're already lecherous creep. Or you're just sensitive and vulnerable. Treat is that you think someone cares about you, deeply. Trick is that the only one who cares is some dude in Estonia who wants to hack your eTrade account.

The Hero: Like the Swen.A virus, attacks that disguise themselves as something helpful, like a security update from Microsoft. Treat is that you think you're improving the protection of your computer. Trick is that you've now made your OS even less secure than Microsoft made it out of the box. Boo.

Enjoy the evening.

Posted by Matt Hines on October 30, 2007 02:12 PM

RATE THIS ARTICLE: