A (Lemon) Party On Your Desktop

Shockmemes have become a big deal in hacking circles recently, and whether it's catching out priests with Meatspin or leaving a nice surprise on phished Myspace pages, everybody wants a piece of the action. Well, the use of Shockmemes in hacking and cracking circles takes another plunge into the world of bleeding eyeballs and crying children the world over with this latest infection. Currently doing the rounds on the "Let's ruin your day" circuit, this bundle of joy (once run by the unsuspecting Windows end-user) will make your previously beautiful and clutter-free desktop....

lemon1.jpg

....look like this:

lemon00.gif

Oh my, is that 40+ copies of Lemonparty on your desktop? I think it is.

In addition to your new favourite desktop image, you'll find that the author of this file wants you to see more of Lemonparty.

A whole lot more, as it turns out. Within minutes, your desktop will look like this:

lemonallz.jpg

Whoops.

Your entire PC has been taken over by endlessly respawning images of three old guys having the best time of their lives in a hotel room. If you reboot the PC, they'll come straight back. If you go into Task Manager and kill the process that keeps creating duplicate images, your desktop will be clean for about ten seconds...then they'll come straight back. Your PC will slow down to a crawl, making it even harder to go looking for the hidden files that keep the party going.

Even trying to get screenshots of the files involved was nearly impossible due to the images' insistence on hogging every square inch of your monitor's real estate. As a matter of fact, when I asked my colleague to grab a shot of the file responsible for bringing the desktop hijacks back to life each time, what should pop up but...

lemonlol.jpg

This is one party you just can't stop.

We detect this as LemonLover. And this is quite possibly the funniest thing I have ever written about.

Additional Research: Chris Mannon, Senior Threat Researcher


About this Entry

This page contains a single entry by Christopher Boyd published on October 6, 2008 9:34 PM.
