Showing posts with label agobot. Show all posts
Showing posts with label agobot. Show all posts

Saturday, December 1, 2012

A Virus is Being Circulated in Forum Posts with Content from This Website

Someone is creating forum posts with content from this website and links back to this website. Embedded in the forum post is a download to an executable called ares.exe, designed to look like a P2P client installer that is actually part of the Agobot family of worms (aka gaobot or gaobot.ee).

My website will never have executables available for download. Few people reading this website would be inclined to download a virus this stupidly designed.

More likely the point of this attack is to associate links to my site with malicious software in order to stop traffic to the site.

To the attacker: Agobot is designed for idiots. You are an idiot. Even Wikipedia thinks you are an idiot. Here's from the article on Ago, which gave me a laugh - "Agobot is an example of a Botnet that requires little or no programming knowledge to use." Its been 48 hours and you've been caught. Maybe targeting network engineers isn't the brightest idea?

Here is an example of a forum post as described (note that the post in this article has been secured, the administrator taking immediate action to secure the site):

When stupid goes bad

NSA Leak Bust Points to State Surveillance Deal with Printing Firms

Earlier this week a young government contractor named Reality Winner was accused by police of leaking an internal NSA document to news outle...