Internet users are being warned about the latest disguise malware authors are using in their attempts to infect people's PCs. The fraudulent email shown below pretends to be from YouTube and has the subject line "Your video on the TOP of YouTube".
Quick Heal proactively detects the malware and protects its users from this attack.
When the user clicks the link inside the mail, a fraudulent page opens, as shown below.
Interestingly, the page shows a video that appears to be buffering, as if it will be displayed shortly.
But at that moment, the attacker asks the user to download and install a Flash Player file.
Innocent internet users may be trapped by such attacks: the downloaded malicious file is named Flash_Player.exe and has the same icon as the original file. This file belongs to the Trojan family; on execution, it does not install any player but starts infecting the computer with Backdoor.Cycbot.G and Trojan.Fareit.C files.
Backdoor.Cycbot.G allows attackers unauthorized access and control of an infected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers.
Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.
Trojan.Fareit.C attempts to steal passwords and user credentials from the infected computer. It may target the following programs: 32bit FT, BitKinex, BulletProof FTP, Classic FTP, CoreFTP, Direct FTP, FTP Rush, FTP Explorer.
It also captures additional information regarding the infected computer, including:
Port number used by FTP program
Trojan.Fareit.C then sends the captured information to a remote attacker. Such attacks can be used by hackers to steal personal information, spam out malware and junk e-mail, or launch distributed denial of service attacks against innocent users.
Quick Heal successfully tackles the whole attack: it blocks the fraudulent URL and detects and deletes all the malicious files involved, thus protecting its users from such attacks.
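The lure described above is a mail that claims to be from YouTube while its link leads to a non-YouTube page. The following triage check for that mismatch is an added example, not Quick Heal's detection logic; the sample message, the `example.net` host and the trusted-domain list are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "youtube"
# Assumption: hosts treated as genuine for the brand; adjust to local policy.
TRUSTED_DOMAINS = ("youtube.com", "youtu.be", "google.com")

# Constructed sample: only the subject line comes from the article.
SAMPLE = """From: YouTube Service <service@youtube.com>
To: user@example.org
Subject: Your video on the TOP of YouTube
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your video is on the TOP of YouTube.</p>
<a href="http://video-portal.example.net/watch?v=1">Watch your video</a>
<a href="https://www.youtube.com/t/contact_us">Help</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_is_trusted(host):
    # Exact match or true subdomain only, so "youtube.com.example.net" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    headers = f"{msg['From'] or ''} {msg['Subject'] or ''}".lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    web = [urlsplit(h) for h in collector.hrefs]
    hosts = {u.hostname or "" for u in web if u.scheme in ("http", "https")}
    untrusted = sorted(h for h in hosts if not host_is_trusted(h))
    claims = BRAND in headers
    return {"claims_brand": claims, "untrusted_hosts": untrusted,
            "suspicious": claims and bool(untrusted)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The sender address in the sample is itself on a trusted domain, which is why the check looks at link destinations rather than at the From header alone.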