Lamest attempt at spreading a payload of evilness… ever.

About a week back my buddy Paul Wood from MessageLabs received a friend request from “some lovely lady – ahem” on MySpace. If you’re a regular over at the trailer park of the interweb, you’re more than used to getting bogus friend requests from fake profiles being used to market some nonsense, phish your password, or get the ball rolling on yet another worm. Paul’s new sweetheart was no exception.

The hustle in question was / is just a copycat version of the old “MySpace Content Viewer“. Not a bad hustle to copy since I’m sure it was / is insanely effective at getting eRetards to download a payload of nastiness. When you completely rip off the idea of another dip-shit you’re supposed to do one of two things though…

1. Make an exact copy of their setup and find your own marks that haven’t already been exposed to it.
There’s no honor amongst thieves and you’re not exactly going to be kicked out of the “I wish I was l33t” club, so there’s no shame in this. Well, none that you don’t already carry around for being a douche-nozzle who infects people’s systems with malware / adware / scumware payloads for monetary gain.

2. Improve upon their idea by adding your own spin.
If you had to settle for a GED in Social Engineering because you were too stupid to get a PhD, you should stick to Number 1 because you’ll likely just screw things up.

Paul’s friend request from a MySpace hottie is a perfect example of Number 2 going to shit. Yeah, I know: a Number 2 going to shit equals pooh squared.

So, how did Mr. Pooh Squared screw it up???
The “MySpace Content Viewer” guy uses a large click-able image to cover most of a MySpace profile via some really basic CSS. The image purports itself as a program needed to view “special” or “adult” profiles on MySpace and is linked to an executable (.exe) file loaded with whatever payload of evilness being pushed at the moment.

Mr. Pooh Squared’s spin on it had / has 2 screw-ups…

to view this page correctly download this plugins.

click on the icon for myspace plugins.
MySpace Plugins BS

1. Instead of using a massive image which is click-able in its entirety, he used some CSS to create a large / bordered area with a small (in comparison) image. The only click-able area is the image. This isn’t really a big deal. It’d probably only add one percent at most to his evil payload penetration if he hadn’t tried to make his more “professional”. The problem with this is simple: it demands an extra second of thought. That second will surely cause him to lose a small percent of clicks / installs. Not a major screw-up by any means, but a tiny boo-boo nonetheless.

2. The idiot was linking to a zip file. That’s what made this the lamest attempt at infecting people with BS I have ever seen.

Dear Pooh Squared,

Let me explain this really slowly to you. If your targeted demographic is made up of people who are naive enough to download “Myspace Plugins” in order to view a profile, they likely aren’t competent enough to unzip a file. No, really… If you’re packaging an evil payload into an archive, the demographic you should be targeting is the “know enough to get into trouble” crowd. In other words, a zip is only going to be effective on a warez / serials / similar site – not in MySpace Land.

~ Signed: peeps who aren’t retarded

– The payload in the zip last week was a trojan downloader (Downloader.Zlob) according to AVG.
– Pooh Squared has since learned from the error of his ways and is linking directly to an exe now.
– MySpace is on its last leg. Spammers and adware idiots will likely have driven away most of their traffic within 6-ish months.
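
For anyone moderating or scanning profile markup, both versions of this lure have the same tell: an image wrapped in a link that points at an executable or an archive. The scanner below is an added example, not code from the original post. The host names, the sample HTML, and the guess that the covering CSS uses absolute or fixed positioning are all assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# .exe and .zip are the two link targets in the post; .scr/.msi are assumed extras.
RISKY_EXT = (".exe", ".zip", ".scr", ".msi")
# Assumption: the covering CSS uses absolute/fixed positioning (the post only says "basic CSS").
OVERLAY = re.compile(r"position\s*:\s*(absolute|fixed)", re.I)
VOID = {"img", "br", "hr", "input", "meta", "link"}

class LureScanner(HTMLParser):
    """Flag images wrapped in a link whose target is an executable or archive."""
    def __init__(self):
        super().__init__()
        self.stack = []      # open tags: (tag, href or None, has overlay style)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        overlay = bool(OVERLAY.search(a.get("style") or ""))
        if tag == "img":
            self._check_image(overlay)
        if tag not in VOID:
            self.stack.append((tag, a.get("href") if tag == "a" else None, overlay))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy profile markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def _check_image(self, img_overlay):
        href = next((h for _, h, _ in reversed(self.stack) if h), None)
        path = urlparse(href or "").path.lower()
        if path.endswith(RISKY_EXT):
            overlay = img_overlay or any(o for _, _, o in self.stack)
            ext = path[path.rfind("."):]
            self.findings.append({"href": href, "ext": ext, "overlay": overlay})

def scan_profile(html):
    scanner = LureScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed samples (not from the post): original-style overlay, copycat box, benign link.
ORIGINAL = '<div style="position:absolute;top:0;left:0"><a href="http://files.example/viewer.exe"><img src="v.jpg"></a></div>'
COPYCAT = '<div style="border:3px solid"><a href="http://files.example/plugins.zip"><img src="icon.gif"></a></div>'
BENIGN = '<a href="http://example.com/photos.html"><img src="me.jpg"></a>'
```

The `overlay` flag separates the full-cover image style from the bordered-box copycat; either way the risky link target is what gets the profile flagged.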

3 thoughts on “Lamest attempt at spreading a payload of evilness… ever.”

  1. I noticed this the other day but I wasn’t able to write about it. It was pretty lame that it was the exact same thing that everyone covered before when we had adult myspace viewer. Instead of changing their tactics they try the same damn thing again.

  2. Oh I didn’t realize he had some history. Basically his terms and disclaimer is just a front to Phish Myspace accounts, but I’m kinda surprised people would submit login and pass information anyway. That’s the part that makes no sense to me.

