Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscribirse
Security Research

Fake Flash Player On DropBox

image
JULIEN SOBRIER
May 03, 2013 - 1 Min de lectura
Fake Flash updates are leveraged as a very popular trick amongst attackers to fool users into downloading and installing malware. This week we found a three websites distributing Win32.Sanity.N malware disguised as Flash updates:
 
  • hxxp://kivancoldu.com/, redirects to hxxp://click-videox.com/
 
Image
http://kivancoldu.com on 05/02/2013
  • hxxp://fastcekim.com/, redirects to hxxp://click-videox.com/
  • hxxp://kivanctatlitug.tk/ d(down)
Image
hxxp://kivanctatlitug.tk/
The fake warning at the top of the page alternates between English and Turkish.

What is interesting is that the malicious executables are actually hosted in a DropBox account and have not been taken down since they were found about seven days ago. I have spotted two different executables so far: These two files have similar behavior. They disable all Windows features: UAC, Firewall, AV, Safe Boot, etc. The malware then drops variants of the Sality virus, some of which have a good detection rate amongst AV vendors.

Interestingly, there is a link on the malicious websites that shows how many people visited it. There were 1,412 unique visitors in a single day.
 
Image
There is another peak of traffic report and on 05/02 registered 1,700 visitors...and counting.
Image

These sites keep popping up and the are still able to fool users.
form submtited
Gracias por leer

¿Este post ha sido útil?

Reciba las últimas actualizaciones del blog de Zscaler en su bandeja de entrada

Al enviar el formulario, acepta nuestra política de privacidad.