
This article is more than 1 year old

Like masochism? Run a PC? These VXers want to help you pwn yourself

You’re a winner! Just ignore those pesky warnings, dude

Masochistic Windows users have been given a helping hand from hackers, in the form of step-by-step instructions on how to get their PCs infected with malware.

A banking trojan campaign that targeted Germany last week comes with explicit instructions for recipients describing how to get their computers infected, anti-virus firm Avira reports.

The directions come as a text file zipped along with the Trojan downloader, with the malware hiding on the recipient’s computer behind the standard icon for an Excel file. If the downloader does not automatically open or is stopped by the recipient’s antivirus software, the readme.txt gives detailed directions on how to execute the malware.

The infected file is called “Gewinner Quittung” or “winner receipt”. It’s something less than plausible and anybody who opens it is either unusually credulous or deliberately trying to get pwned. Perhaps they don’t want to be left out.

But what if they get stopped by built-in security defences while installing the nasty? The hackers behind the threat are there to offer a helping hand.

Prospective marks are told to just click and agree to everything. More precisely, recipients are advised to double-click on the extracted file and, from there, just click on “Agree” and then “Run”. Windows 10 comes with increased defences against this sort of malarkey. However, the hackers are there to offer top tips to self-harmers.

Don't do this!

For PCs with Windows 8 or the newer 10, self-harming PC users are told to click on “More Information” -> “Download anyway” at the standard SmartScreen warning.

Recipients are further told by the hackers to disable or turn off their antivirus or firewall. If there are problems, the instructions continue, add the malware file to the exceptions list and try again. Or, you can temporarily turn off your anti-virus or firewall until the file has been downloaded, punters are advised.

The installed malware was a banking trojan that steals credentials and financial information. However, the precise link to new variants can be changed by the cybercriminals at short notice, perhaps to something more damaging such as ransomware.

“They really want to be sure that the user ‘properly’ gets infected,” explained Oscar Anduiza, a malware analyst at Avira. “These directions are pretty much exactly 180 degrees off from what computer users should actually do.”

In addition, the malware features an official-looking certificate — ostensibly issued by COMODO.

“This gives the cybercriminals a second chance at a successful installation, especially after the AV has blocked the initial attempt. This is an interesting social engineering trick, especially as the downloader and malware are not especially sophisticated,” Anduiza added. ®
