Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
Security Research

Fake Flash Player On DropBox

image
JULIEN SOBRIER
May 03, 2013 - 1 分で読了
Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found a three websites distributing Win32.Sanity.N malware disguised as Flash updates:
 
  • hxxp://kivancoldu.com/, redirects to hxxp://click-videox.com/
 
Image
http://kivancoldu.com on 05/02/2013
  • hxxp://fastcekim.com/, redirects to hxxp://click-videox.com/
  • hxxp://kivanctatlitug.tk/ d(down)
Image
hxxp://kivanctatlitug.tk/
The fake warning at the top of the page alternates between English and Turkish.

What is interesting is that the malicious executables are actually hosted in a DropBox account and have not been taken down since they were found about seven days ago. I have spotted two different executables so far: These two files have similar behavior. They disable all Windows features: UAC, Firewall, AV, Safe Boot, etc. The malware then drops variants of the Sality virus, some of which have a good detection rate amongst AV vendors.

Interestingly, there is a link on the malicious websites that shows how many people visited it. There were 1,412 unique visitors in a single day.
 
Image
There is another peak of traffic report and on 05/02 registered 1,700 visitors...and counting.
Image

These sites keep popping up and the are still able to fool users.
form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。