scoutt
07-07-2007, 10:57 AM
(June 22, 2007)
Malware purveyors have been creating phony Adobe Shockwave Player
websites to trick users into downloading a Trojan horse program. Users
visit sites related to online games or other activities that require
Shockwave. The lure sites present the users with broken icons,
indicating there is something wrong with their version of Shockwave, if
it is already installed. The users are given links to a site that will
purportedly diagnose the problem with Shockwave, which invariably turns
out to be the need to upgrade. The users are then redirected to a phony
site for the upgrade where a Trojan, rather than a working version of
the software, is downloaded onto their computer.
Internet Storm center: http://isc.sans.org/diary.html?storyid=3024
http://www.theregister.co.uk/2007/06/22/shockwave_social_engineering_ruse/print.html
Malware purveyors have been creating phony Adobe Shockwave Player
websites to trick users into downloading a Trojan horse program. Users
visit sites related to online games or other activities that require
Shockwave. The lure sites present the users with broken icons,
indicating there is something wrong with their version of Shockwave, if
it is already installed. The users are given links to a site that will
purportedly diagnose the problem with Shockwave, which invariably turns
out to be the need to upgrade. The users are then redirected to a phony
site for the upgrade where a Trojan, rather than a working version of
the software, is downloaded onto their computer.
Internet Storm center: http://isc.sans.org/diary.html?storyid=3024
http://www.theregister.co.uk/2007/06/22/shockwave_social_engineering_ruse/print.html