Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

New Trojan Takes Social Engineering Techniques to New Levels

BitDefender UK : 28 July, 2011  (Technical Article)
Trojan.FakeEV.LVT tricks Facebook users into downloading malware while watching YouTube video
New Trojan Takes Social Engineering Techniques to New Levels

BitDefender has discovered a new online threat that uses very sophisticated social engineering techniques in order to uninstall your antivirus solution while adding it to a botnet of infected systems.

The Trojan, dubbed Trojan.FakeAV.LVT, tricks unsuspecting Facebook users into believing that a video about them has been posted on YouTube. The video appears extremely convincing, as it also contains multiple comments from your Facebook friends which have been mocked up. To make matters worse, if infected, the fake YouTube video contains your full name in its title, correctly spelled as it appears on your Facebook profile. As you try to watch the movie, the Trojan prompts you to install an ‘updated version’ of the Flash player plug-in. This in fact carries a rogue or fake antivirus (AV) solution with both malware downloader and botnet capabilities that enable it to continue spreading.

To make matters worse, the fake AV is capable of impersonating the look and feel of 16 different security solutions currently on the market from top-tier antivirus vendors and asks for you to reboot your system in order to complete the install. However, upon restarting, the genuine AV solution on the system is uninstalled and completely replaced by a high-quality replica that not only lacks AV functionality, but also uses the infected PC to spread malware to others. These replicas are also localised and will only display messages in the language that the genuine antivirus has been set to.

“Trojan.FakeAV.LVT takes social engineering to a whole new level by presenting the user with extremely convincing scenarios at each stage of the process. The video looks and feels real as it contains your name in the title, as well as comments from your Facebook friends. Meanwhile, fake antivirus solutions used to be easy to spot, as they’re often completely different to the one that you have installed onto your system,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab.

Catalin continued, “However, Trojan.FakeAV.LVT is deceptively clever as it is capable of replicating almost any antivirus or online security software on the market today. To guard against these cunning new threats, BitDefender recommends downloading Flash-related updates through the Adobe website, instead of through a redirect link. If you’re unsure whether the video is legitimate, it’s best to go directly to YouTube and search for the video’s existence.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo