Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A clever trojan is targeting Facebook users with a fake YouTube video that replaces a victim's anti-virus programs with a malicious replica.
The malware destroys a victim's original anti-virus program and installs a replica from any of the 16 most popular anti-virus applications from the likes of Symantec, McAfee and BitDefender.
It even maintains the same language and look and feel of the original anti-virus.
The replica program is installed on restart and despite stealing the look and feel of the original, it lacks all functionality.
Instead it downloads and distributes malware and recruits the computer into a botnet.
Yet the distribution method is even more impressive.
The malware spreads by a fake Adobe Flash Player update embedded into a YouTube video that promises to show victims captured in an embarrassing act.
The video taps into a victims' Facebook network and posts fake comments , ostensibly from the victims' friends, underneath the video to lend credence to the scam.
BitDefender research lead Catalin Cosoi said the social engineering trick was impressive.
Victims are served the Trojan.FakeAV.LVT when they download the purported Adobe Flash update, normal used in legitimate YouTube videos, to view the footage.
"And to make matters worse, the infected fake YouTube video contains your full name in its title, correctly spelt as it appears on your Facebook profile," Cosoi said.
"Fake anti-virus solutions used to be easy to spot, as they’re often completely different to the one that you have installed onto your system. However, Trojan.FakeAV.LVT is clever as it is capable of replicating almost any anti-virus or online security software on the market today.”
Cosoi said users should only download Flash updates through the Adobe website.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.