Con Artists Spoof an Adobe Update to Install Malware
Recently, engineers at TrendLabs observed a malicious scheme that imitates an Adobe update but is in reality a Trojan variant detected as TROJ_FAYKDOBE.A, according to news published by Trend Micro on April 7, 2010.
A gullible user can easily fall victim to the ploy by visiting the website that hosts the malicious code.
Oscar Abendan of Trend's technical communications team stated in the TrendLabs Malware Blog that this particular piece of malware carries the same icons and version details as an Adobe update. This allows it to evade system analysts and antivirus software, and to fool unwary users into mistaking it for a genuine one, according to news published by Search Security on April 8, 2010.
The Trojan was analyzed by Jessa De La Torre, threat response engineer at TrendLabs, according to news published by IT Knowledge Exchange on April 7, 2010.
Reportedly, the malicious files have been identified as BKDR_VB.JGT. The Trojan drops other malicious software, namely BKDR_VBBOT.AP and BKDR_VB.JHM. These malware files communicate with a remote server for instructions, according to Jessa De La Torre. Further, the files the malware delivers carry out different but complementary functions.
According to the experts, BKDR_VBBOT.AP, the loaded malware, serves as the chief component and connects to specific servers to listen for instructions from a remote user. Another loaded malware, BKDR_VB.JHM, is used to start a process on both local and remote systems, to retrieve data, and to terminate certain running processes. Finally, BKDR_VB.JGT functions as a proxy server, which enables remote users to gain access to compromised systems.
Surprisingly, Windows 7 and Microsoft Vista users do not seem to have been affected by the Trojan. It affects Windows ME, 98, 2000, XP, NT, and Server 2003.
A security analyst commenting on this issue said that several pieces of malware have adopted this approach in the past. In October 2009, the infamous Koobface botnet propagated on the social networking website Facebook. That malware used a template spoofing Adobe's Flash updater, contained within a phony YouTube page. As with that attack technique, cyber crooks are exploiting legitimate websites to host their malicious code.
SPAMfighter News - 17-04-2010