New Video Add-on with Nasty Malware
Published: February 08 2010, 08:17 PM by Zarestel Ferrer
A codec or video add-on has been one of the common forms of disguise used by the most prevalent malware downloaders. They may arrive in spam emails with catchy subjects or be downloaded by other malware.
One of the most active that we have seen recently is the “New Video Add-on” scheme used by downloaders. One of its distribution vectors is spam email that entices target users to click on a malicious URL. Below are example email subject lines:

[Figure 1 – Spam Emails with Catchy Subjects]
The malicious URL takes advantage of short URL services to hide itself and bypass mail scanners.
Once the user reaches the real malicious URL, it shows one of the following web pages, which trick the user into downloading the malware file. The downloaded malware file has a filename of the format “New-Video-Addon.<random 5 numbers>.exe”.


[Figure 2 – Different designs of a browser video player]
This trick has been used by a lot of malware over the past years, and it has been an effective vector for distributing malware.
The downloader file is detected by CA as a variant of Win32/FakeCodec.
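As an added example (not part of the original post), the filename format described above can be hunted for in web proxy logs. The log layout, hostnames and addresses below are constructed for illustration, and case-insensitive matching is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

# Filename format given in the post: New-Video-Addon.<random 5 numbers>.exe
# Case-insensitive matching is an added assumption (Windows filenames ignore case).
FAKECODEC_NAME = re.compile(r"New-Video-Addon\.\d{5}\.exe", re.IGNORECASE)

# Constructed sample lines in an assumed proxy log layout:
# timestamp client_ip method url status
SAMPLE_LOG = """\
2010-02-08T20:01:11 10.0.0.21 GET http://video.example.test/play/New-Video-Addon.48213.exe 200
2010-02-08T20:02:40 10.0.0.35 GET http://cdn.example.test/get/new-video-addon%2E00917.EXE?id=7 200
2010-02-08T20:03:02 10.0.0.21 GET http://video.example.test/play/New-Video-Addon.4821.exe 404
2010-02-08T20:04:19 10.0.0.48 GET http://docs.example.test/New-Video-Addon.482135.exe 200
2010-02-08T20:05:55 10.0.0.48 GET http://docs.example.test/notes/New-Video-Addon.48213.exe.txt 200
truncated entry
""".splitlines()


def requested_filename(url):
    """Return the percent-decoded last path segment, ignoring query and fragment."""
    path = urlsplit(url).path
    return unquote(path.rsplit("/", 1)[-1])


def find_fakecodec_downloads(lines):
    """Return (timestamp, client, filename) for requests whose filename fits the format."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not follow the assumed layout
        timestamp, client, _method, url, _status = fields
        name = requested_filename(url)
        # fullmatch rejects near misses: 4 or 6 digits, or an extra extension
        if FAKECODEC_NAME.fullmatch(name):
            hits.append((timestamp, client, name))
    return hits


if __name__ == "__main__":
    for hit in find_fakecodec_downloads(SAMPLE_LOG):
        print(*hit)
```

A hit identifies a client that requested a file with this name; it does not replace scanning the downloaded file itself.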
The downloaded malware files vary; below are the common ones you can get if you happen to be victimized.
- Win32/Gamepass - a family of trojans that steals login credentials and in-game information related to various Massively Multiplayer Online Role Playing Games (MMORPG).
- Win32/Dowgent - a family of trojans that attempts to download and execute additional malware onto the computer.
To be on the safe side, please avoid clicking URLs in unsolicited emails and keep your security software’s signature database up to date.