Hidden poetry
Today’s worm W32/KillAV-DX makes a nuisance of itself in the usual ways - leaving copies all over your hard disk and USB drives, disabling antivirus software and leaving the computer close to unusable - but its payload is a little less formulaic.
The worm installs the files “myrose.html” and “rose.jpg” and makes them the browser home page. The image is, as the name suggests, a rose, and the webpage also contains some Indonesian text.
Nothing special so far, but the author’s unusual choice of orange text on an orange background leaves the message unnoticed at first glance. The easiest way to see the text (without wanting to read the HTML source) is to select the whole page.
We’re currently lacking a translation, but given the rose and the heart, I could take a good guess as to the sentiment.
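Same-colour text like this can also be surfaced programmatically rather than by selecting the page. The Python below is an added example, not code from the original post or from Sophos; the sample HTML is constructed (it is not the worm's actual page, and its text is a placeholder), and the default colours are assumptions.

```python
import re
from html.parser import HTMLParser
VOID = {"br", "img", "hr", "meta", "link", "input"}  # tags with no closing tag

def _style(attrs, prop):
    m = re.search(r"(?:^|;)\s*%s\s*:\s*([^;]+)" % re.escape(prop), attrs.get("style") or "", re.I)
    return m.group(1).strip().lower() if m else None

class HiddenTextFinder(HTMLParser):
    """Collect text whose inherited foreground colour equals its background."""
    def __init__(self):
        super().__init__()
        self.stack = [("#root", "black", "white")]  # assumed browser defaults
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = {k: (v or "") for k, v in attrs}
        _, fg, bg = self.stack[-1]
        # Legacy presentational attributes first, then inline CSS overrides.
        fg = (a.get("text") if tag == "body" else a.get("color") if tag == "font" else None) or fg
        bg = a.get("bgcolor") or bg
        fg = _style(a, "color") or fg
        bg = _style(a, "background-color") or bg
        self.stack.append((tag, fg.lower(), bg.lower()))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # pop back to the matching open tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        _, fg, bg = self.stack[-1]
        if data.strip() and fg == bg:
            self.hidden.append(data.strip())

def find_hidden_text(html):
    p = HiddenTextFinder()
    p.feed(html)
    p.close()
    return p.hidden

# Constructed sample: not the worm's real page; the hidden text is a placeholder.
SAMPLE = ('<html><body bgcolor="orange"><img src="rose.jpg"><p>visible caption</p>'
          '<font color="orange">placeholder line one<br>placeholder line two</font>'
          '<p style="color: ORANGE">placeholder line three</p></body></html>')
print(find_hidden_text(SAMPLE))
```

Colours are compared as literal strings, so equivalent spellings such as a colour name and its hex code are not matched, and colours set in external stylesheets are not seen.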
Posted on August 3rd, 2007 by Glyn, SophosLabs UK. Filed under: Malware