The Latest in IT Security

Malware Attack through Fake YouTube Video.

23
Feb
2012

Internet users are being warned about the latest disguise being used by malware authors in their attempt to infect people’s PCs. Below mentioned fraud email pretending to be from YouTube and having the subject line – Your video on the TOP of YouTube.

Quick Heal is proactively detects the malware and protect it’s users from this attack.

When the user clicks on the link present inside the mail, a fraudulent page opens which shown below.

Interestingly, it shows the buffering of video goes on and shortly it will display the video.
But at that moment, the attacker asks to download and installs the Flash Player file.

Innocent internet users may get trapped into such attacks, the downloaded malicious file having the name as Flash_Player.exe and the same icon as that of original file do. This file belongs to the Trojan family and on execution, it does not install any player but it start infecting the computer with Backdoor.Cycbot.G and Trojan.Fareit.C files.

Backdoor.Cycbot.G allows attackers unauthorized access and control of an infected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers.
Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Trojan.Fareit.C attempts to steal passwords and user credentials from the infected computer. It may target the following programs: 32bit FT, BitKinex, BulletProof FTP, Classic FTP, CoreFTP,
Direct FTP, FTP Rush, FTP Explorer.

It also captures additional information regarding the infected computer, including:
FTP credentials
Host details
Port number used by FTP program

Trojan.Fareit.C then sends the captured information to a remote attacker. Such attacks can be used by hackers to steal personal information, spam out malware and junk e-mail, or launch distributed denial of service attacks against innocent users.

Quick Heal is successfully tackles the whole attack, it blocks the fraudulent URL, detects and delete all the malicious files in this attack and thus protecting it’s users from such attack.

Leave a reply


Categories

THURSDAY, JANUARY 17, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks