Trojan Un-Installs Real AV, Loads Fake AV

BitDefender, the security company is warning Facebook users for remaining vigilant of one fresh Trojan virus, which is circulating across the social-networking website. TechRomp published this in news on July 25, 2011.

Apparently, while tricking unwitting Web-surfers browsing Facebook, the Trojan named Trojan.FakeAV.LVT makes them believe that there is one movie file on them being added to YouTube. The file seems utterly convincing since there are several comments in it emerging from friends of Facebook's users though really being mocked up.

Now, if visitors follow the notification by clicking on it, they're led onto a web-page that displays their names like within the profiles in their Facebook accounts along with messages from their followers.

Subsequently, if they attempt at seeing the movie, Trojan.FakeAV.LVT suggests them for loading Flash Player (revised edition) which, however, contains software designed to mimic various security solutions. The so-called update also contains rogue antivirus software that's capable of downloading malware as well as functioning like a bot-network. Meanwhile, the rogueware appears like 16 different security software presently available from security vendors. It allegedly tells the victim that he must restart his computer, doing which the actual anti-virus gets un-installed while the rogue anti-virus takes its place.

Says head of anti-malware research lab Catalin Cosoi at BitDefender, the movie appears genuine since it carries the victim's name along with the remarks his Facebook friends supposedly post. TechDay published this in news on July 25, 2011.

But, Trojan.FakeAV.LVT acts cunningly since it can copy nearly all security software or anti-viruses currently being sold in the market, warns Cosoi.

Furthermore, Cosoi says that for staying clear off the clever e-threats, BitDefender suggests users take down Flash-related security upgrades from Adobe's official website rather than via any web-link. He adds that incase an end-user feels uncertain about the movie's genuineness, he can visit YouTube straight away where he can hunt for the movie's presence. PRWire published this in news on July 25, 2011.

Finally, the research lab chief suggests users to take down updates from local markets instead of following URLs leading onto other websites, for remaining protected from the above attacks.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 8/2/2011