A New Adware Functions As an ActiveX Control
PandaLabs has detected a new adware called ImageAccessActiveXObject that behaves like an ActiveX control enabling users to watch porn pictures. Financialmirror published this on April 19, 2007.
The ImageAccessActiveXObject uses a prank that is a new technique to strive in infecting users' computers, according to anti-virus company PandaLabs.
The adware installs into Windows PCs as users open websites containing porn and which hackers control. When users browse these sites they offer "erotic pictures" through a window. If a user clicks on it, another window appears that instructs to install ActiveX. This control is actually the ImageAccessActiveXObject adware, as published by Theregister on April 17, 2007.
Until now there had been adware masked with codes to view videos, but not ActiveX controls for seeing images. The ActiveX control appears to be a new strategy for entrapping users. While users think they are agreeing to install a legitimate application they actually make way for the adware installation, according to Luis Corrons, technical director of PandaLabs. Home published this on April 18, 2007.
When the adware gets installed it directs users to a web page hosting lewd pictures. This page is, however, not available now. Meanwhile, the malicious code creeps into the infected computers.
The code downloads other malicious software too onto PCs. One is SpyLocked. This adware shows warning message to the user that his/her PC is infected. It also detects ImageAccessActiveXObject and compels users to register the program to disinfect their computers.
Luis Corrons says his firm had found this adware under different names like SpywareQuack or VirusBurst. He explained when these adware creators find that users widely begin to recognize the tools and stop downloading them anymore they just give them a different name. Financialmirror published this on April 19, 2007.
ImageAccessActiveXObject also installs the Securitytoolbar adware. This one plants a fake toolbar and a BHO (Browser Helper Object). It shows pop-up ads and makes links to some harmful web pages.
Related article: A New "Blackmailing" Variant Creeps Around…
» SPAMfighter News - 26-04-2007