However, the developers of these programs do not seem to be involved in the scheme because upon installing them, a different software is actually added to the system.įor instance, when the installation of FLV Player is deployed, the user agreement dialog screen clearly informs that the user is actually accepting to install ConstaSurf and not the video playing utility.
When the relevant downloaded software is executed, the scammer claims affiliate rewards based on the number of successful installs of the software,” Shunichi Imano from Symantec writes in a blog post.Īccording to Imano, among the applications that are surreptitiously downloaded on the victim’s system there is FLV Player, System Speedup, Search Protect, VuuPC, RegClean Pro, Hao123, Buzz-it, ConstaSurf, VLC and Plus HD2. Symantect analyzed the fake installer and determined that it included “a lot of references to remote software installers, which will be downloaded to the affected computer in a sequence.”Īlso, “a lot of the terms seen in the configuration file are IDs for the scammer’s affiliates, such as MinitizationTypes, Payout, Promotion Rate, CTID, and affilid. An additional item is dropped, which downloads an encoded configuration file.
FLV FLASH PLAYER VIRUS UPDATE
If installed, the malicious update proceeds to collect software and hardware information from the infected machine and delivers it to a remote server. The current version is 14.0.0.125, but the fake page offers to install build 11.9.900.152. The pop-up directed the users to a Flash Player download site mimicking the original Adobe page that delivered malicious content. The video sharing service is provided by Nico Nico in Japan and the prompt was caused by a malicious script injected into the code of advertisements distributed through MicroAd and displayed during the video play. Users of a video sharing website with more than 30 million members reported pop-up messages asking them to update Adobe’s Flash Player to the latest version.
0 kommentar(er)
