Anti-virus Software Disabled by Fake Codec Trojan
ESET announced the spread of a dangerous new variant of the Win32/Delf.QCZ Trojan through Facebook, as reported by virus removal on August 6, 2011.
The spam spreads through Facebook chat with the message "Hi how are you", which is not genuine, although the person sending it seems to be on the user's friends list. The conversation also refers to the user, and it too is not genuine.
The spam also points to a video link, which leads to a fake page made to look as if it comes from YouTube. This page tricks the user into downloading the malware. The link seems real because it even includes the user's name. Malware writers have used this fake codec trick for quite some time.
In addition, the attackers have added comments to the video link to make it appear more authentic, which also prompts the user to update the link.
While discussing ways of combating this kind of dangerous Trojan, ESET malware researcher Robert Lipovsky was quite apprehensive, for the following reasons. First, actually chatting is out of the question, as the sender of the link is a computer bot. For people who do not speak English, attention might be drawn by the fact that their friends are communicating in English. Second, even the video link that imitates YouTube seems quite suspicious, EFYTimes reported on August 7, 2011.
According to statistics from ESET ThreatSense.Net, the highest infection rates for the Win32/Delf.QCZ Trojan are in Central and Eastern Europe, Slovakia, Russia, Belarus, Ukraine, the Czech Republic, Serbia, and Montenegro.
Even after the anti-virus software has been deactivated, there is no relief for the user, as its icon can still be visible in the system tray. When the user clicks the icon, another forged warning appears: though the computer is safe, the user is warned that the AV software is running in advanced protection mode.
However, though the victim's machine is protected, the Trojan starts a backdoor, which in turn is used to install malware onto the system.
» SPAMfighter News - 15-08-2011