I Don’t Want to Receive Any Unnecessary Information!

According to Section 50 of the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, anyone who wishes to send promotional information for commercial purposes via electronic transmission media must obtain the explicit consent of the receiver in advance. Spam refers to promotional information that is sent or posted for commercial purposes through communications networks even though the user does not want it. This post presents the analysis of a program that automatically sends messages on a particular web portal.

Figure 1. PUP promotional message

Figure 2. PUP promotional videos

Although these programs are introduced as marketing programs, they are actually spam programs, so users are advised to be cautious.

Figure 3. Spam program

The PUP above is a spam program that automatically sends messages on a certain web portal. As the program in Figure 3 shows, it has features for setting the sender account, the receiver account, and the content of the message, as well as features for changing the IP and scheduling messages.

Figure 4. Code for changing IP

The code is designed to bypass blocking by the service provider by changing the IP, which keeps the account from being blocked. The method in the code above changes the IP in an environment that uses a mobile network connected via USB, and there is other code that attempts the bypass through a VPN as well.
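Because the sender changes its IP to avoid blocking, a service-side check keyed on the account and the message content, rather than on the source address, still sees the pattern. The sketch below is an added example, not code from the analyzed program or from the original post; the log layout, the function name `flag_rotating_senders`, the thresholds and the sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample send-log records: (timestamp, sender account, source IP, text).
# The field layout, account names and RFC 5737 addresses are assumptions.
SAMPLE_LOG = [
    ("2022-06-28T10:00:05", "acct_a", "198.51.100.10", "Big sale! visit shop.example"),
    ("2022-06-28T10:01:10", "acct_a", "198.51.100.77", "Big sale! visit shop.example"),
    ("2022-06-28T10:02:40", "acct_a", "203.0.113.5", "Big  sale! Visit shop.example"),
    ("2022-06-28T10:03:15", "acct_a", "203.0.113.90", "Big sale! visit shop.example"),
    ("2022-06-28T10:00:30", "acct_b", "192.0.2.44", "Are we still meeting at 3?"),
    ("2022-06-28T10:04:00", "acct_b", "192.0.2.44", "Running late, sorry"),
    ("2022-06-28T09:00:00", "acct_c", "192.0.2.8", "See you tomorrow"),
    ("2022-06-28T18:30:00", "acct_c", "198.51.100.200", "Got home safely"),
]

def flag_rotating_senders(records, window=timedelta(minutes=10),
                          min_ips=3, min_repeats=3):
    """Return {account: (distinct_ips, repeats)} for accounts that send the same
    text at least min_repeats times from at least min_ips IPs within window."""
    by_key = defaultdict(list)  # (account, normalized text) -> [(time, ip)]
    for ts, account, ip, text in records:
        norm = " ".join(text.lower().split())  # ignore case and spacing tweaks
        by_key[(account, norm)].append((datetime.fromisoformat(ts), ip))

    flagged = {}
    for (account, _), events in by_key.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            ips = {ip for _, ip in in_window}
            if len(in_window) >= min_repeats and len(ips) >= min_ips:
                best = flagged.get(account, (0, 0))
                flagged[account] = max(best, (len(ips), len(in_window)))
    return flagged

if __name__ == "__main__":
    for account, (ips, repeats) in flag_rotating_senders(SAMPLE_LOG).items():
        print(f"{account}: {repeats} identical messages from {ips} IPs")
```

Keying the counter on the account and normalized text means a new source address does not reset it, while an account that merely moves between networks during the day (acct_c in the sample) is not flagged.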

Figure 5. Code for bypassing CAPTCHA

CAPTCHA is a technology built to block bots, that is, programs used for malicious purposes (e.g. continuously sending spam messages), on a web page. The PUP above also has a feature to bypass CAPTCHA. Instead of using self-developed code, this feature sends the CAPTCHA to a certain website and uses the returned result value.

Figure 6. Comparing user information

This PUP combines pieces of PC information and uses the result as a serial value. The program is managed through a blog run by the account suspected to be the developer, and the information above, including the names of the buyers, is disclosed on that blog.

Figure 7. Serial list of spam program buyers

Figure 8. Serial of each type of program

The serial list of spam program buyers in Figure 7 shows that there are multiple users (individuals and companies) and that the program was distributed until recently. Serial lists for PUP programs other than the spam program also existed.

Sending promotional information for commercial purposes requires the explicit consent of the receiver. This is clearly stated in the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, and thus such PUP programs must not be used.

[File Detection]
PUP/Win.Generic.C5183719 (2022.06.28.03)

[IOC]
2620f0c99b409d5941a2992aec70fd10
2ed3641274165f713430d032535be9a8
6095a46ee0d72d11b116c87fd786332c
6161ba35441e611462f76ac8d356d26f
