Monday

Fake Flash updates being distributed through Twitter (updated)
The Kaspersky weblog warns us of social engineering tactics (in this case beautiful women) being used to spread malware on Twitter. (hat tip: Ryan Naraine) So Twitter as a social network has moved from being misused to spam members to distributing malware.

If you click on the link, you get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash which is supposedly required to watch the video. You end up with a file labeled Adobe Flash (it’s a fake) on your machine; a technique that is currently very popular.

In reality, this is a Trojan downloader that proceeds to download 10 bankers onto the infected machine, all of which are disguised as MP3 files. We first detected the downloader proactively as Heur.Downloader and then added a signature to detect it also as Trojan-Downloader.Win32.Banload.sco. (Source: Kaspersky weblog)

I didn't know that the PSIRT (Product Security Incident Response Team) of Adobe started a blog which incidentally also confirmed this attack today.

They remind us that the official download link for Flash is at http://www.adobe.com/go/getflashplayer/. When you are presented with a download link, the safe practice is not to follow it but to go directly to the vendor's site and look for the update there.

Additionally, their installer is digitally signed with ‘Adobe Systems, Incorporated’, and you can verify this by right-clicking on the installer, selecting ‘Properties’, and going to the ‘Digital Signatures’ tab.
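The same check can be done from the command line, which is handy when you want to verify a downloaded file before double-clicking it. The script below is an added example, not code from the original post or from Adobe; it uses PowerShell's built-in Get-AuthenticodeSignature and checks two things the Properties dialog also shows: that the signature is intact and chains to a trusted root (Status is Valid), and that the signer is the publisher you expect. The file path is a placeholder to replace with your own download.

```powershell
# Added example (not from the original post): verify an installer's
# Authenticode signature before running it.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string]$FilePath,
        [string]$ExpectedSigner = 'Adobe Systems, Incorporated'
    )

    if (-not (Test-Path -LiteralPath $FilePath)) {
        Write-Warning "File not found: $FilePath"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $FilePath

    # 'Valid' means the hash matches and the certificate chains to a trusted
    # root. Anything else (NotSigned, HashMismatch, NotTrusted, ...) is a fail.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }

    # A valid signature from some other publisher is still a red flag, so
    # compare the subject of the signing certificate as well. A wildcard
    # match is used because the CN may appear quoted in the DN string.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSigner*") {
        Write-Warning "Signed, but by '$subject', not '$ExpectedSigner'"
        return $false
    }

    Write-Host "OK: '$FilePath' is validly signed by $subject"
    return $true
}

# Placeholder path: point this at the file you actually downloaded.
Test-InstallerSignature -FilePath "$env:USERPROFILE\Downloads\install_flash_player.exe"
```

A file that fails either check should be treated as untrusted, and the real installer fetched from the vendor's site instead.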

Finally, there is also an ongoing email campaign distributing a fake Flash component. The email appears to come from CNN.com and lists the top ten news stories. When following one of the links, the user is prompted to download the malicious “codec” get_flash_update.exe. For a more detailed analysis, visit the malwaredatabase.net website.

I wonder if our friends from StormWorm are behind this wave?

UPDATE (06/08/2008): Dancho Danchev has a list of the domains used in this campaign and an analysis of the botnet.

(Photo under Creative Commons from malwaredatabase.net website)