Security Bytes

Apr 7 2010   1:03PM GMT

New Trojan masquerades as Adobe update

Robert Westervelt Robert Westervelt Profile: Robert Westervelt

If victims are tricked, the Trojan downloads other malicious files designed to enable attackers to remotely steal data.

TrendLabs engineers have discovered a new trick that uses a phony Adobe update to install a Trojan on victim’s machines.

An unsuspecting victim can fall prey to the trick by visiting a website hosting the malicious code. The engineers, part of Trend Micro’s research team discovered cybercriminals using the scheme to push a Trojan, Troj_Faykdobe, onto victims machines.

“This malware bears identical icons and version details to an Adobe update, which enables it to bypass antivirus software and system analysts, and to trick users into believing that it is legitimate,” wrote Oscar Abendan of Trend’s technical communications team in the TrendLabs Malware Blog.

Analysis of the Trojan was conducted by TrendLabs threat response engineer, Jessa De La Torre. According to De La Torre, the Trojan drops other malware that terminates certain processes and contacts a remote server for orders. It can be controlled by cybercriminals remotely to steal account credentials and other data unknowingly from the victim.

The Trojan does not appear to affect users of Microsoft Vista or Windows 7. It runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

Back in October, the notorious Koobface botnet spread on Facebook using a template spoofing Adobe’s Flash updater embedded within a fake YouTube page. Like the attack technique above, cybercriminals are using legitimate websites to host their malicious code.

The technique of spoofing update utilities has long been used and is growing in popularity as part of the rogue antivirus trend. The scareware uses coding to appear is if it is part of Windows malware threat detection.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: