Zscaler Blog

Erhalten Sie die neuesten Zscaler Blog-Updates in Ihrem Posteingang

Abonnieren
Security Research

Fake Flash Player On DropBox

image
JULIEN SOBRIER
Mai 03, 2013 - 1 Lesezeit: Min
Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found a three websites distributing Win32.Sanity.N malware disguised as Flash updates:
 
  • hxxp://kivancoldu.com/, redirects to hxxp://click-videox.com/
 
Image
http://kivancoldu.com on 05/02/2013
  • hxxp://fastcekim.com/, redirects to hxxp://click-videox.com/
  • hxxp://kivanctatlitug.tk/ d(down)
Image
hxxp://kivanctatlitug.tk/
The fake warning at the top of the page alternates between English and Turkish.

What is interesting is that the malicious executables are actually hosted in a DropBox account and have not been taken down since they were found about seven days ago. I have spotted two different executables so far: These two files have similar behavior. They disable all Windows features: UAC, Firewall, AV, Safe Boot, etc. The malware then drops variants of the Sality virus, some of which have a good detection rate amongst AV vendors.

Interestingly, there is a link on the malicious websites that shows how many people visited it. There were 1,412 unique visitors in a single day.
 
Image
There is another peak of traffic report and on 05/02 registered 1,700 visitors...and counting.
Image

These sites keep popping up and the are still able to fool users.
form submtited
Danke fürs Lesen

War dieser Beitrag nützlich?

Erhalten Sie die neuesten Zscaler Blog-Updates in Ihrem Posteingang

Mit dem Absenden des Formulars stimmen Sie unserer Datenschutzrichtlinie zu.