Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Fake Shockwave Player Download Site Installs Trojan

In a new stratagem, hackers are tricking users to visit a false Adobe Shockwave Player download site and end up in downloading malware from it, as published by The Register on June 22, 2007.

SANS Internet Storm Center (ISC) discovered the attack on Friday, June 22, 2007. It described how the website directed several users to download malware that would infect their systems. According to ISC handler Bojan Zdrnja, the site mysteriously avoided the iFrame technique used by almost all attackers. The technique of iFrame helps to siphon in the exploit code from a different site.

Zdrnja called it a pure social engineering tactic where the user is tricked to download the malicious code himself. The site that is associated with the game RuneScape displays some incomplete icons and links that lead to a page that tells the user that their Macromedia Flash Player requires updating, according to Zdrnja, as published by PC Advisor on June 22, 2007.

After this information, the user is taken to a replica of the Shockwave Player Download Center, as per Zdrnja. All the links there, except the 'install' link, connect to Adobe's website.

The payload on the site is a Trojan program. The site hosts JavaScript that renders the user's right mouse click useless, added SANS Institute's Internet Storm Center, as reported by The Register published on June 22, 2007.

Carelessly enough the attackers missed to hide the non-Adobe URL of the download page. But since the page appears authentic most users might not think it necessary to verify the URL on the address bar, Zdrnja pointed out, and PC Advisor published it on June 22, 2007.

Like in this case, using social engineering in place of exploiting existing vulnerabilities like the iFrame flaw in Internet Explorer helps to add further hackers' range of probable targets.

The net savvy could easily recognize the fake website as a fake URL also appears on the address bar. But the attackers are using such a clever trick that it could still fool the unwary. This is another demonstration where users get infected by getting caught in a false sense of security.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 7/4/2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page