Trend Micro Discovers Fake Adobe Flash Player Program

Trend Micro security researchers have said that they discovered a new kind of malware pretending as a tool to install Adobe Flash Player, an important application for playing videos on computers.

Unlike other schemes wherein a malware is installed in a computer, the new trick to deceive users actually installs a fake Adobe Flash Player application.

This fake Adobe Flash Player comes with the name of TROJ_SMALL.UY, which itself suggests that it is a Trojan with the name of 'Small', said security experts. Moreover, other two alphabets 'UY' symbolizes to a special variant of Trojan Small.

Apart from TROJ_SMALL.UY, the new Trojan has several other names such as Trojan.DL.Small.BCCV, Trojan-Downloader.Win32.Small!IK, W32/Packed_Nspack.A, Trojan:Win32/Almanah.C!dll, Win32/Agent.OAA, etc.

Security experts at Trend Micro further explained that the Trojan 'Small' claimed to provide its victims a clean version of Adobe. Interestingly, the web page from where the fake Adobe player was downloaded and domain name were designed in such a way that they resembled to the originals. In fact, the installer also looked similar to the legitimate Windows installer.

Explaining the method of installing the malicious Trojan, Trend Micro security experts revealed that it could be installed into the victim's computer without his notice when he visits a malicious website hosting the Trojan. After execution, it performs a number of functions such as creating folders and adding an 'Uninstalled' facility in the Control Panel. It also creates registry entries that come under its installation routine.

Besides, the Trojan downloads a malicious file called TROJ_DLOADER.ZEK along with several other Adobe Flash Player files.

However, the Trojan deletes itself from the system after completing the execution process.

Fortunately, the site hosting fake Adobe application has been blocked, but the security company has informed users that they shouldn't be panic if they hear rise in the number of infections again.

Trend Micro has also offered some important tips to users to avoid becoming victim of this scam. Before downloading, make sure that URL spellings and domain names are right. A user can check the authenticity of program by taking mouse on the link which exhibits the real domain name of the link. If it doesn't happen, then URL is clearly spurious.

Finally, any URL containing symbol '@' in the middle of the address is surely a fake application.

Related article: Trend Micro Detects Spam Mail Declaring World War III

» SPAMfighter News - 6/9/2009