Cybercriminals Are Distributing Malware with Fake Flash Player Served from SkyDrive


Fake Flash Player download website

F-Secure researchers have spotted a large number of Trojan.JS.Blacole.Gen infections over the past days. A closer analysis has revealed an interesting malware distribution campaign.

According to experts, cybercriminals have compromised a number of websites, 40% of which from Germany. They’ve taken the scripts from these sites and added malicious code.

When users visit the infected sites, they get redirected to a page that instructs them to update their Flash Player in order to gain access to the content.

If the victim clicks on one of the Download Now links, a file called flashplayer.exe is downloaded from a SkyDrive account. When the user executes this file, a window which reads “Installing latest Flash Player” is displayed.

In the meantime, another piece of malware is downloaded from the same SkyDrive account.

Additional technical details on this attack can be found on F-Secure’s blog.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s