Symantec Finds Fake Adobe Flash Player Websites Distributing Malware
Security experts at Symantec have uncovered fake Adobe Flash Player update websites that serve malware. Visually, the malicious websites are very well designed.
However, when users hover the mouse over links other than the "Download now" button, the links turn out to lead to a malicious domain rather than a genuine Adobe website.
Symantec researchers noticed the scam and observed that unfortunate visitors to the page are attacked from two sides.
"Option 1 is a pop-up message that requests the user to download a file named flash_player_updater.exe. Option 2 is the 'Download Now' button requesting the user to download a file called update_flash_update.exe," they claim. Both include the Ponik Trojan downloader, as published by Help Net Security on February 27, 2013.
Although these files are the same, they behave differently. Option 1 installs ransomware, whereas Option 2 installs an ad-clicking component. Both serve to generate illicit revenue.
The flash_player_updater.exe file issues a POST request on port 8080. The Trojan then receives an order to download files from three different locations. All three files are similar; the attacker uses them to improve the resilience of the threat by giving it more locations to contact should any one website be unreachable for any reason. Symantec identified these files as Trojan.Ransomlock, which presents the victim with a warning text from the FBI (Federal Bureau of Investigation) Cybercrime Division and asks them to pay a fine to have their computer unlocked.
To be more convincing, the threat identifies the antivirus product installed on the computer and displays its logo inside the lock screen.
Users who choose to install the second file end up with a Trojan that downloads three files from a remote location. Once they are installed, the malicious components run silently in the background to carry out the fraud.
To make sure that you do not become a victim in the first place, keep your antivirus definitions up to date and update your software packages regularly, do not download updates from third-party sites, and always double-check the URL of the download that is being offered, concluded Symantec.
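The network behaviour described above (a POST on port 8080 followed by executable downloads from three locations) can be hunted for in web proxy logs. The following is an added example, not code from Symantec or the original article; the log format, the 120-second window, and all hostnames and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log (assumed format: ISO time, client IP, method, URL).
SAMPLE_LOG = """\
2013-02-27T10:00:09 10.0.0.5 POST http://c2.example.org:8080/gate
2013-02-27T10:00:12 10.0.0.5 GET http://mirror-a.example.com/f.exe
2013-02-27T10:00:13 10.0.0.5 GET http://mirror-b.example.com/f.exe
2013-02-27T10:00:15 10.0.0.5 GET http://mirror-c.example.com/f.exe
2013-02-27T10:01:00 10.0.0.9 POST http://intranet.example.com:8080/api
2013-02-27T10:01:05 10.0.0.9 GET http://vendor.example.com/setup.exe
"""

WINDOW = timedelta(seconds=120)  # assumed correlation window
MIN_HOSTS = 3                    # the article describes three download locations


def parse(log_text):
    """Yield (time, client, method, host, port, path) per well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the run
        ts, client, method, raw_url = parts
        try:
            url = urlsplit(raw_url)
            yield (datetime.fromisoformat(ts), client, method.upper(),
                   url.hostname, url.port, url.path.lower())
        except ValueError:
            continue  # bad timestamp or invalid port number


def find_downloader_pattern(log_text):
    """Return {client: sorted .exe hosts} for clients matching the sequence."""
    last_post, exe_hosts, flagged = {}, defaultdict(set), {}
    rows = sorted(parse(log_text), key=lambda r: r[0])  # order by time only
    for when, client, method, host, port, path in rows:
        if method == "POST" and port == 8080:
            last_post[client] = when
            exe_hosts[client] = set()  # start a fresh correlation window
        elif (method == "GET" and path.endswith(".exe") and host
              and client in last_post and when - last_post[client] <= WINDOW):
            exe_hosts[client].add(host)
            if len(exe_hosts[client]) >= MIN_HOSTS:
                flagged[client] = sorted(exe_hosts[client])
    return flagged
```

On the constructed log, `find_downloader_pattern(SAMPLE_LOG)` flags only 10.0.0.5. The second client also posts to port 8080 but fetches a single executable, so it stays below the three-location threshold.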
» SPAMfighter News - 09-03-2013