Zscaler Uncovers Flash Player Update That Is Actually Malware
As so often before, cyber-criminals have once again released a malware strain disguised as a Flash Player update, which researchers at the security firm Zscaler recently analyzed.
To begin, the attack relies on several websites that redirect their visitors to click-video.com. On that website, victims see a prompt, in either Turkish or English, telling them to download an Adobe Flash Player update in order to watch a movie file.
Interestingly, the malicious update is hosted on a Dropbox account.
The security researchers identified two executable files, Videonuizle.exe and FlashPlayer.sfx.exe. When run, these executables attempt to disable Windows' User Account Control (UAC) and security software such as anti-virus and firewall programs.
Eventually, a sample of Sality, the infamous PC virus, gets planted on victims' computers. Sality is a family of viruses that spreads by infecting .scr and .exe files. Sality also incorporates an autorun worm, which lets it spread to removable or discoverable drives. Additionally, Sality contains a downloader Trojan component that loads more malicious programs from the Web.
While the majority of anti-virus applications flag the malware, the initial executables are detected by only a few programs. Specifically, FlashPlayer.sfx.exe is currently detected by only 2 of the 46 AV engines on VirusTotal, whereas Videonuizle.exe is detected by only 5.
It may be mentioned that the malicious websites contain a link that shows the number of visitors accessing them. According to Zscaler, the current scam appears to be extremely successful.
Julien Sobrier, Security Researcher at Zscaler, states that the websites recently received a huge 1,700 visitors daily. These websites keep emerging and continue to dupe end-users effectively, Sobrier blogs. Esecurityplanet.com published this on May 6, 2013.
Meanwhile, Microsoft reported a similar scam that happened at the end of March 2013. At that time, the company received 70,000 complaints about a Trojan made to look like an update for the Flash Player. The malware altered the home page of users' Web browsers and diverted them to the attacker's site. Microsoft identified the Trojan, which spread through e-mail, as Trojan:Win32/Preflayer.A.
» SPAMfighter News - 17-05-2013