Israel-Hamas Malware  

Posted by Mohammad Talha in ,

Trend Micro is reporting the latest variant on the "please install a fake Flash player that is actually malware" attack, this one using CNN and the war between Israel and Hamas.

The attack comes as an unsolicited e-mail with news about the conflict. The sender and subject change with every message. The message claims to contain a link to an Al-Jazeera video. Clicking the link brings the user to a fake CNN page with a video on it. Start the video and the user gets a dialog box telling them to "Please Download the correct Flash Media Player!" Clicking OK starts a download of the malicious file Adobe_Player10.exe, which Trend detects as TROJ_DLOADR.QK.

This malware is a "downloader" which then downloads and installs other malware, TROJ_INJECT.ZZ, which " an info-stealer that logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs. It also drops a rootkit component detected as TROJ_ROOTKIT.FX." Bad news. (story Link)

This entry was posted on Jan 27, 2009 at 12:37 AM and is filed under , . You can follow any responses to this entry through the comments feed .


Post a Comment - Blog Search