Internet users are being warned about the latest disguise being used by malware authors in their attempt to infect people’s PCs. The fraud email shown below pretends to be from YouTube and carries the subject line – “Your video on the TOP of YouTube”.
Quick Heal proactively blocks this email threat.
When the user clicks on the link present inside the mail, a fraudulent page opens which is shown below.
Interestingly, it shows the buffering of a video going on in the background and says it will shortly display the video.
But at that moment, the attacker asks the user to download and install a Flash Player file.
Innocent Internet users may get tricked by such attacks as the downloadable malicious file has the name ‘Flash_Player.exe’ and even displays the same icon as that of the original file. This file belongs to the Trojan family and upon execution it does not install any player but instead starts infecting the computer with Backdoor.Cycbot.G and Trojan.Fareit.C files.
Backdoor.Cycbot.G allows attackers unauthorized access to and control of an infected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers.
Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions such as launching denial of service (DoS) attacks and retrieving system information from infected computers.
Trojan.Fareit.C attempts to steal passwords and user credentials from the infected computer. It may target the following programs: 32bit FT, BitKinex, BulletProof FTP, Classic FTP, CoreFTP, Direct FTP, FTP Rush, FTP Explorer.
It also captures additional information regarding the infected computer, including:
Port number used by FTP program
Trojan.Fareit.C then sends the captured information to a remote attacker. Such attacks can be used by hackers to steal personal information, spam out malware and junk e-mail or launch distributed denial of service attacks against innocent users.
Quick Heal successfully tackles the entire attack, blocks the fraudulent URL, detects and deletes all the malicious files in this attack and thus protects its users from such threats.