Cybercriminals Are Distributing Malware with Fake Flash Player Served from SkyDrive

A large number of websites from Germany are being abused in this attack

By on January 16th, 2014 21:31 GMT

F-Secure researchers have spotted a large number of Trojan.JS.Blacole.Gen infections over the past days. A closer analysis has revealed an interesting malware distribution campaign.

According to experts, cybercriminals have compromised a number of websites, 40% of which from Germany. They’ve taken the scripts from these sites and added malicious code.

When users visit the infected sites, they get redirected to a page that instructs them to update their Flash Player in order to gain access to the content.

If the victim clicks on one of the Download Now links, a file called flashplayer.exe is downloaded from a SkyDrive account. When the user executes this file, a window which reads “Installing latest Flash Player” is displayed.

In the meantime, another piece of malware is downloaded from the same SkyDrive account.

Additional technical details on this attack can be found on F-Secure’s blog.
Fake Flash Player download website
   Fake Flash Player download website
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments