VB 2011 conference used to spread malware

Isn't it ironic?



Big events are always a good occasion to stir people's interest and curiosity – the key triggers to spread malware. A new product launch, a long-awaited show or even a technology conference could work as well. The funny thing is that somebody in the cybercrime business thought it would be a good idea to exploit no more, no less, than… this years' edition of Virus Bulletin conference which is underway in Barcelona.

A major event in the antimalware industry, VB International Conference gathers each year some of the most important names in the IT&C security, with speakers ranging from “dedicated anti-malware researchers to security experts from government and military organizations, legal, financial and educational institutions and large corporations worldwide”. It gets great coverage in media and probably some gazillion posts through social networks.

This provided the “bad guys” with a great opportunity – to broadcast Twitter messages purporting to deliver breaking news about the conference, but serving real-deal malware instead via shortened URLs, as you can see in the screenshot below.


Tweet about alleged VB news sending the inquisitive users towards malware.

Fig. 1 – Tweet about alleged VB news sending the inquisitive users towards malware.

What hides behind the shortened URL? A malware cocktail of a Trojan downloader and an installer. The downloader – hidden under the name of VB2011.exe (see the image below) – injects in SVCHOST.EXE process and attempts to download another file called Installation.exe.


The Trojan downloader disguised as the executable VB2011.exe.

Fig. 2 – The Trojan downloader disguised as the executable VB2011.exe.


Once launched, the installer can't be terminated and brings even more nasty files on the compromised machine, by connecting to additional malware-hosting domains. During installation, it opens numerous adware, gameware and porn pages in the Internet Explorer® browser, while also creating desktop shortcuts towards these pages.

As always, users of Bitdefender security products need not worry. If you don't have an antimalware product already installed, try – free of charge for 30 days – Bitdefender Total Security 2012.


Safe surfing everybody!

The malware descriptions in this article are provided courtesy of Doina Cosovan and Razvan Benchea, BitDefender Online Threats Researchers.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.

1 Comment

Click here to post a comment
  • […] A direct link is provided, and recipients are advised to follow it to download the promised software. Once they click the link, they are redirected to a site hosting a fake application which infects their systems with malware. […]