Posted on

Got scammed by Charlie?

In the old days, the GI’s call the Viet Cong forces as “Charlie” (see def. 2). However, this is 2009. Different battlefield, different combatants. Only this time, the innocent online messaging service/application users (like AIM, YM, etc.) are under attack by people who are out to fuck up as many computers as the makers of such malware previously intend. This is how we give them the big F-U.

You have noticed that you received a message like the ones below. You are suspicious (but not too curious) of the contents, as your contact doesn’t type in “gibberish”

Below are the some of the messages sent by “invaded” accounts (“infected” account name and the url from hell removed):

  • Tra lai em niem vui khi duoc gan ben em, tra lai em loi yeu thuong em dem, tra lai em niem tin thang nam qua ta dap xay. Gio day chi la nhung ky niem buon…
  • Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi…
  • Loi em noi cho tinh chung ta, nhu doan cuoi trong cuon phim buon.
  • Nguoi da den nhu la giac mo roi ra di cho anh bat ngo…
  • Vao day nghe bai nay di ban
  • Biet tin gi chua, vao day coi di
  • E may, vao day coi co con nho nay ngon lam

Apparently, you know that it’s in Vietnamese. (Why do I know this? I read a book with a bunch of pictures on it, and one shows a pic from Vietnam. A part of it shows a banner. It has a bit of weird letters on it, and I believe its structure is a bit similar to the “enticing” messages above.

From what I know, the computer that you’re using will get fucked, once you click on it. Rizelle (her real name, surname taken out because she’s my sister’s friend) once clicked on that link, not knowing its consequences. The bad news: the computer’s time and date reverted to January 1, 1601, among other consequences.

How can you prevent SillyFDC (the name of the worm that is spreading through an “innocent”-ish URL)? You can. Michael Olimpo (a friend of mine) suggested this solution through a chat on Yahoo! Messenger (edited to suit this post’s theme):

> Go to "c:\windows\system32\drivers\etc\hosts"
> edit it with notepad
> and then add the lines: "127.0.0.1       malwarelink.com"
(in which malwarelink.com is the [sample] url that harbors the poison,
and yes, it can be either subdomain or domain. remember to
remove the "" part.)

If you’re pretty fucked, he has another suggestion:

> Combofix can remove that shit

Every internet cafe operator should do the first step, AS SOON AS POSSIBLE. That way, you can save time and money from all that repairs caused by the malware’s payload, and the only thing that you can worry about are the bills and the security situation (besides, you need one less worry in your life, especially with these problems popping up nowadays).

Even if you’re no internet cafe operator, you have to do this: not only for yourself, but for the welfare of other computers that could be infected by just clicking a supposedly innocent link.

Disclaimers: The solutions posted here to (prevent) get rid of SillyFDC may or may not work; some malware or things similar to a virus may be prevented through it, but it’s more recommended to have a powerful, frequently updated (and reputable) anti-virus program. If you are more than fucked and the solutions/preventions did not work, please seek help from a reputable compuer professional. This post is not intended to offend the Vietnamese people, whether in Vietnam or overseas, as this is about getting rid and/or preventing a worm attack, nor are we blaming them for this kind of virus.

Advertisements