Friday 22 April 2016

Freelance Software Testers Beware

Last Monday, 18th April 2016, there was an online job posting looking for freelance software testers. This is what the ad said:

Looking for someone to test my application called "Crush Clean" its a Simple app to clean your desktop Please just open the application test it and tell me what happens and payment will be made Thanks

Baited

Sounds simple enough. So I proceeded to download the attachment, a Windows executable compressed in a ZIP file, without much thought.

I updated my anti-virus scanner, scanned the downloaded file and it appeared to be 'clean'. Everything looked good.

I loaded it up in my Windows 7 test environment running under VirtualBox. I then ran the application from the command line. There was nothing much to see, much less to report: it just 'terminated' as soon as I pressed the <ENTER> key - no window or anything to admire.

The Malware CrushClean2016.exe Running In The Background

I launched the "Windows Task Manager", clicked on the "Processes" tab and there it was, resident in the system's memory. It seemed to spawn a sub-process (which then terminated almost immediately) every 5 seconds or so. Good, now I had something to write about, and so I submitted my proposal and reported what I saw.

Checking on the proposal's status some 24 hours later, I realised I was rejected. No payment was made to me whatsoever despite what was stated in the ad.

Suspicious Mind

I didn't think much about it. But two days later, on Wednesday, I got this uneasy feeling about the whole thing. Therefore, I updated my anti-virus scanner again (something that I do every day, anyway), and did another scan on the downloaded file - POW! Positive for a trojan/malware called "TR/Dropper.MSIL.yjxm".

Do I have spidey senses? Nah... But (ex-)system administrator instinct perhaps. Shame on me. I should have known better. How did I fall for this ad in the first place?

This trojan was so new that my anti-virus scanner was unaware of it during the update two days earlier. Good thing I did my testing in a controlled environment. Damage was minimal. I just reformatted the partition and reinstalled Windows 7. Just a scratch, no big deal.

Incidentally, I was not the only person who submitted the proposal. There were 55 other freelancers in total from what I could see. I wonder if they are aware that their PC is already infected with malware? I hope they did their testing on a test machine or in a virtual machine like I did.

I did inform the freelance job posting website, but when I last checked, the job advertisement, together with that malware attachment, was still there. Oh well. We just have to keep our guard up at all times, I suppose.









