Tuesday, March 04, 2008

Fake Macromedia Flash ActiveX Plugin

We have seen Zlob fake codecs using the now-standard "Video ActiveX Object Error" message boxes to push their malware onto PCs. Now the gang behind Zlob has started (mis)using Macromedia Flash Player's name on their rogue sites. Here's one example, which says that you need to install a "Macromedia Flash ActiveX Video Component" to watch certain videos:



If you follow the link and install what they are pushing, you will end up infecting your system with a pretty nasty Zlob variant ;) Here's what a VirusTotal scan says about the fake setup:
Avast - Win32:Agent-SWC
AVG - Downloader.Zlob.ABQ
eSafe - suspicious Trojan/Worm
F-Secure - Suspicious:W32/Malware!Gemini
Ikarus - Trojan.Zlob.2
Microsoft - TrojanDownloader:Win32/Zlob.gen!AV
NOD32v2 - Win32/TrojanDownloader.Zlob.BQU
Prevx1 - Generic.Malware
VBA32 - suspected of Downloader.Zlob.3


The installer is hosted at www.aviadaptation.com and some of the domains pushing this malware are:


By the way, do NOT visit any of these sites, as they are all live malware pushers!
