Fake Shockwave Player Download Site Installs Trojan
In a new stratagem, hackers are tricking users to visit a false Adobe Shockwave Player download site and end up in downloading malware from it, as published by The Register on June 22, 2007.
SANS Internet Storm Center (ISC) discovered the attack on Friday, June 22, 2007. It described how the website directed several users to download malware that would infect their systems. According to ISC handler Bojan Zdrnja, the site mysteriously avoided the iFrame technique used by almost all attackers. The technique of iFrame helps to siphon in the exploit code from a different site.
Zdrnja called it a pure social engineering tactic where the user is tricked to download the malicious code himself. The site that is associated with the game RuneScape displays some incomplete icons and links that lead to a page that tells the user that their Macromedia Flash Player requires updating, according to Zdrnja, as published by PC Advisor on June 22, 2007.
After this information, the user is taken to a replica of the Shockwave Player Download Center, as per Zdrnja. All the links there, except the 'install' link, connect to Adobe's website.
Carelessly enough the attackers missed to hide the non-Adobe URL of the download page. But since the page appears authentic most users might not think it necessary to verify the URL on the address bar, Zdrnja pointed out, and PC Advisor published it on June 22, 2007.
Like in this case, using social engineering in place of exploiting existing vulnerabilities like the iFrame flaw in Internet Explorer helps to add further hackers' range of probable targets.
The net savvy could easily recognize the fake website as a fake URL also appears on the address bar. But the attackers are using such a clever trick that it could still fool the unwary. This is another demonstration where users get infected by getting caught in a false sense of security.
Related article: Fake Spam Mail Announces Australian PM’s Heart Attack
» SPAMfighter News - 04-07-2007