Phony Forums Deliver Trojans, Says Trend Micro

Cyber-criminals are creating fake forums to spread malicious codes across the Web, hoping they would attract Internet surfers into their traps.

Security firm Trend Micro says that the fake forums promote porn videos and when anyone follows the links provided on the forums, he is led to a malicious Web page with a video player.

But when the user tries to run the video player, a pop-up box appears on the screen showing a message that he must download a file otherwise the video would not play.

According to Loucif Kharouni, Threat Analyst at Trend Micro, when users double-click on the OK option to see the film, they succumb to a malicious drive-by download technique as the malicious software has already executed without their consent, as reported by Webuser on September 25, 2008.

Furthermore, malware creators use a combination of several techniques in the new attack, as per the Security Experts at Trend Micro. The screenshots display two screens on one Web page. And the interesting part about this particular malware is that the Trojan horse cyber-criminals try to install continuous modify itself, making it hard for anti-virus software to track it.

Security researchers also stated that the computers were initially infected with the Trojan named TROJ_FAKEAV.NN, but now they have detected another file called TROJ_CODECPACK.R installed in place of the original Trojan.

Moreover, according to the security experts, this particular attack doesn't stop there. malware might also be loaded on computers when end-users refresh a Web page because they are diverted to another Website.

Besides, in the attack, the Website does not ask for installation of an ActiveX object instead it draws the end-users towards widely accepted fake codec regular, where they are duped into installing malware in the garb of a video codec onto their systems. Once again the malware modifies to new variants identified as TROJ_FAKEAV.IT and TROJ_FAKEAV.NO.

However, Trend Micro recommends computer users to maintain up-to-date Internet security software as well as scan the system scan if there is a doubt of an infection.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 01-10-2008

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial