Malware Circulates on Installing Facebook-driven Microsoft Silverlight
Forged Facebook warnings about modifications in account information are appearing in email inbox of users, compelling them to set up Microsoft Silverlight that ultimately brings in malicious software, report researchers at Barracuda Labs.
According to the news published in Help Net Security on February 17, 2012, when the victim clicks the link, a .pif file from Malaysia-located server appears. If the file, similar to executable files, is run, then it loads Trojan.Win32.Jorik. trojans are executables, and the common Windows warning about downloading and running destructive software does take place. When users click on the 'fake' Silverlight graphic, they do get a warning about the program they are about to run, but it is unluckily ignored by them. That is why the Microsoft Silverlight is a smart addition to the trick.
Once the keylogger is installed, it begins registering each keystroke and webpage title in a disk file that is finally sent to a C&C server managed by cybercriminals.
As the whole procedure is alike the original one, wherein the genuine Silverlight is downloaded and installed, the victim may be unaware of the truth that he has indeed downloaded a keylogger which is designed to filch credentials used in web pages and applications.
The keylogger can detain nearly anything done on the internet. This is of crucial concern when a user visits those secure sites whose usernames and passwords he wants to keep confidential.
Barracuda Labs security experts advise that a strong doubt should be maintained about anything that appears in an electronic mail. Cybercriminals and malicious software distributors persistently find ways to induce users to click the 'run' button. The researchers give advice to web users to remain vigilant instead of falling prey to spammers' tricks.
The web users are always advocated that they should guard themselves against any doubtful posts which may turn up in their inbox. Fake Facebook warnings could be designed in a better way than this one, and thus, it is significant to be cynical even if the email or information looks authentic at first glance.
Related article: Malware Authors Turn More Insidious
» SPAMfighter News - 25-02-2012