Jan 27, 2009

Israel-Hamas Malware

Trend Micro is reporting the latest variant on the "please install a fake Flash player that is actually malware" attack, this one using CNN and the war between Israel and Hamas.

The attack comes as an unsolicited e-mail with news about the conflict. The sender and subject change with every message. The message claims to contain a link to an Al-Jazeera video. Clicking the link brings the user to a fake CNN page with a video on it. Start the video and the user gets a dialog box telling them to "Please Download the correct Flash Media Player!" Clicking OK starts a download of the malicious file Adobe_Player10.exe, which Trend detects as TROJ_DLOADR.QK.

This malware is a "downloader" which then downloads and installs other malware, TROJ_INJECT.ZZ, which "...is an info-stealer that logs keystrokes and launches a sniffer to retrieve passwords from network packets. It then uploads the gathered data to several URLs. It also drops a rootkit component detected as TROJ_ROOTKIT.FX." Bad news.
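A defender can hunt for the download step described above in web proxy logs: an executable named like a Flash player, fetched from a host that is not the vendor's. The following is an added example, not code from Trend Micro or from this post; the log layout, the trusted-domain list, and all sample hosts and lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: domains a genuine player installer would be served from.
TRUSTED_SUFFIXES = ("adobe.com", "macromedia.com")
EXECUTABLE_EXT = (".exe", ".scr", ".msi")
# File names imitating a Flash/Adobe player installer, e.g. Adobe_Player10.exe
LURE_NAME = re.compile(r"(adobe|flash)[\W_]*(media[\W_]*)?player", re.IGNORECASE)

def host_is_trusted(host):
    """True only for the vendor domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def is_fake_player_download(url):
    """Executable with a player-like name served from a non-vendor host."""
    parts = urlsplit(url)
    filename = unquote(parts.path).rsplit("/", 1)[-1]
    if not filename.lower().endswith(EXECUTABLE_EXT):
        return False
    if not LURE_NAME.search(filename):
        return False
    return not host_is_trusted(parts.hostname or "")

def scan(log_lines):
    """Return (timestamp, client, url) for each suspicious GET request."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        ts, client, method, url = fields[:4]
        if method == "GET" and is_fake_player_download(url):
            hits.append((ts, client, url))
    return hits

# Constructed sample log: "timestamp client method url status"
SAMPLE_LOG = [
    "2009-01-27T09:14:02Z 10.0.0.23 GET http://news-video.example/cnn/index.html 200",
    "2009-01-27T09:14:31Z 10.0.0.23 GET http://news-video.example/cnn/Adobe_Player10.exe 200",
    "2009-01-27T09:20:10Z 10.0.0.41 GET http://download.adobe.com.example.net/flash%20player.exe 200",
    "2009-01-27T09:25:44Z 10.0.0.57 GET http://fpdownload.adobe.com/get/install_flash_player.exe 200",
    "2009-01-27T09:30:00Z 10.0.0.57 GET http://files.example/setup.exe 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious download:", *hit)
```

The third sample line shows why the host check compares domain suffixes on a label boundary: a lookalike host that merely contains "adobe.com" is still flagged.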
