The Trojan usually arrives in e-mail, then installs itself as a rootkit, using operating-system functions to capture Web traffic. It detects when a user appears to be posting a comment to a blog, then inserts a linethat asks readers to look at “a fun video.” Clicking on the link takes a victim to a malware site where keyloggers or remote-control software can be dropped on the machine.
The variant is hard to isolate, partly because it changes its form every time it’s downloaded.
Secure Computing recommends looking at videos only on known sites, such as YouTube, instead of following links, even from postings that appear to be from a known source.
The full version of this story appeared on TechTarget sister site SearchSecurity.com.