Malware rides the wave of 2008 Beijing Olympics

The great anticipation that awaited the Olympics is matched by the anticipation for malware to make use of the event to infect users.  The first executable malware taking advantage of this event has also arrived.  The malware is disguised as a screen saver named "2008BeijingOlympics.scr".
When you run the program, it actually displays some nice pictures of some of the Olympic Stadiums, so people may not notice the payload of installing a keylogger onto their computers.
The trojan drops two files named 'wuauct.exe' and '81.dll', and launches 'wuauct.exe' which tries to connect to the IP address in China on port 81 by injecting code into Explorer.exe.
Detection was added for the fake screen saver as "TrojanDropper:Win32/Jingbay.A". The name "Jingbay" is a phonetic word jumble for "Beijing", but incidentally means "gold trophy", a mere coincidence during naming of this Olympic-themed trojan.
So rest assured that as you sit down to watch your country represented in the 2008 Olympics, we are being watchful of your security.
-- Dan Nicolescu & Patrick Nolan

Comments (1)

  1. Anonymous says:

    132 Microsoft Team blogs searched, 66 blogs have new articles in the past 6 days. 149 new articles found searching from 04-Aug-2008 to 09-Aug-2008

Skip to main content