BitDefender has discovered a new online threat that uses sophisticated social engineering to uninstall the victim's antivirus solution and add the compromised machine to a botnet of infected systems.
The Trojan, dubbed Trojan.FakeAV.LVT, tricks unsuspecting Facebook users into believing that a video about them has been posted on YouTube. The lure is extremely convincing: the page carries fabricated comments from the victim's own Facebook friends, and the fake YouTube video's title contains the victim's full name, spelled exactly as it appears on their Facebook profile. When the user tries to play the video, they are prompted to install an 'updated version' of the Flash Player plug-in. That 'update' is the Trojan itself: a rogue (fake) antivirus (AV) with both malware downloader and botnet capabilities, which is how it continues to spread.
The fake AV can impersonate the look and feel of 16 different security solutions currently on the market from top-tier antivirus vendors, and it asks the user to reboot the system to complete the 'install'. On restart, the genuine AV solution is uninstalled and replaced with a high-quality replica that not only lacks any AV functionality but also uses the infected PC to spread malware to others. The replicas are localised as well: they display messages only in the language the genuine antivirus had been set to, so nothing looks out of place.
“Trojan.FakeAV.LVT takes social engineering to a whole new level by presenting the user with extremely convincing scenarios at each stage of the process. The video looks and feels real as it contains your name in the title, as well as comments from your Facebook friends. Meanwhile, fake antivirus solutions used to be easy to spot, as they’re often completely different to the one that you have installed onto your system,” said Catalin Cosoi, Head of the BitDefender Online Threats Lab.
Catalin continued, “However, Trojan.FakeAV.LVT is deceptively clever as it is capable of replicating almost any antivirus or online security software on the market today. To guard against these cunning new threats, BitDefender recommends downloading Flash-related updates through the Adobe website, instead of through a redirect link. If you’re unsure whether the video is legitimate, it’s best to go directly to YouTube and search for the video’s existence.”
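The advice above amounts to a checklist: never install a "Flash update" reached through a redirect, and only trust a download whose final host is the real Adobe site. The following Python script is an added example, not BitDefender's code or anything shipped with the product, that turns the checklist into a link check. It assumes adobe.com (and its subdomains) is the only acceptable download host, and it simulates HTTP 3xx hops with a constructed redirect table so it runs offline; the URLs in that table are made up for illustration. It also covers two tricks the advice does not spell out: lookalike domains such as adobe.com.evil.example and URLs that hide the real host behind a user@ prefix.

```python
from urllib.parse import urlsplit

# Assumption: only the Adobe site (and its subdomains) is an acceptable source
# for a Flash update. Matching is done on whole DNS labels, so
# "notadobe.com" or "adobe.com.evil.example" never qualify.
TRUSTED_UPDATE_HOSTS = ("adobe.com",)

# Constructed stand-in for the HTTP 3xx responses a real fetch would see,
# so the example runs offline. These hostnames are invented for illustration.
REDIRECTS = {
    "http://bit.ly/flash-upd": "http://video-share.example/player.php",
    "http://video-share.example/player.php":
        "http://get.adobe.com.flash-update.example/install_flash_player.exe",
    "http://short.example/real": "https://get.adobe.com/flashplayer/",
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}


def host_is_trusted(host, trusted=TRUSTED_UPDATE_HOSTS):
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)


def follow_redirects(url, redirects=REDIRECTS, max_hops=10):
    """Return the full chain of URLs, raising on loops or excessive length."""
    chain = [url]
    seen = {url}
    while chain[-1] in redirects:
        nxt = redirects[chain[-1]]
        if nxt in seen or len(chain) > max_hops:
            raise ValueError("redirect loop or chain too long: %r" % chain)
        chain.append(nxt)
        seen.add(nxt)
    return chain


def check_update_link(url, redirects=REDIRECTS):
    """Classify a 'Flash update' link as ok, warn or reject with reasons.

    reject: the final host is not Adobe, hides behind userinfo, or is not https.
    warn:   the final host is Adobe but was only reached through a redirect,
            which is exactly the case the advice says to avoid.
    ok:     a direct https link to the Adobe site.
    """
    chain = follow_redirects(url, redirects)
    final = urlsplit(chain[-1])
    host = final.hostname or ""
    reasons = []
    if final.username is not None or final.password is not None:
        reasons.append("userinfo before the host disguises the real destination")
    if not host_is_trusted(host):
        reasons.append("final host %r is not adobe.com or a subdomain of it" % host)
    if final.scheme != "https":
        reasons.append("final link is not https")
    if reasons:
        return "reject", chain, reasons
    if len(chain) > 1:
        return "warn", chain, ["reached the Adobe site only via %d redirect(s); "
                               "type the address yourself instead" % (len(chain) - 1)]
    return "ok", chain, []


if __name__ == "__main__":
    for link in ("https://get.adobe.com/flashplayer/",
                 "http://bit.ly/flash-upd",
                 "https://get.adobe.com@evil.example/install.exe",
                 "http://short.example/real",
                 "https://notadobe.com/update"):
        verdict, chain, reasons = check_update_link(link)
        print(verdict.upper(), link)
        for hop in chain[1:]:
            print("    ->", hop)
        for r in reasons:
            print("    reason:", r)
```

Run the script and the shortened bit.ly link is rejected because the chain ends at a lookalike host, the user@ link is rejected even though the text before the @ reads get.adobe.com, and a shortener that does land on adobe.com is still only a warning, since the whole point of the advice is to skip the redirect and go to the vendor site directly.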