Researchers at Trend Micro found themselves the victims of a “Rickrolling” while analyzing a malware program that, most likely deliberately, triggered multiple rules-based security alerts.
Rickrolling is a prank whereby someone is tricked into watching a video of English pop artist Rick Astley singing his famous song “Never Gonna Give You Up.”
Detected as JOKE_CYBERAVI, the malware was discovered May 11 and had been created only roughly 90 minutes prior to its initial detection, Trend Micro explained in a blog post on Friday.
The joke malware, which was detected 26 times in total, came to Trend Micro’s attention after it triggered multiple rules that researchers had created using the malware tracking tool Yara. After further analysis, Trend Micro determined that the prankster likely designed his malware to trigger the Yara rules intentionally, to ensure that his creation was flagged and noticed.
The malware dropped an .AVI file that, upon execution, played Astley’s famous number-one hit single. “Our theory is that this could be some kind of test created to test Yara rules within an organization, or it could be just someone playing a practical joke,” wrote blog post author Stephen Hilt, Trend Micro senior threat researcher. “Either way, we enjoyed the throwback to the time when Rickrolling was popular.”