Security vendor Websense warns that cybercriminals are infecting Chinese users with adware by spoofing the China Central Television (CCTV) website and Internet TV application.

"First, the hackers create an imitation CCTV site that has a name that is close to CCTV.COM (e.g. CCTVxxx.COM)," the Websense researchers explain.

"On the site they provide a download of the CCTV Box software. Actually, it is just a malware hackers want users to download," they add.
CCTV is a Chinese state TV broadcaster that operates a network of 19 separate channels with a wide variety of programmes.
CCTV Box allows users to watch the network's programming over the Internet and is very popular in China, giving attackers a large pool of potential victims.
The malware distributed in this attack has a very low detection rate on VirusTotal, with only 6 of 43 antivirus engines flagging it as malicious.
The threat has two components: one called update.exe, installed under "C:\Program Files\Internet Explorer", and another called imetool.exe, dropped in "C:\Program Files\imetool".
IMEs (Input Method Editors) are programs designed for inputting complex characters, like Chinese ones, on Latin layout keyboards. A name like "IME tool" won't attract the attention of users who are familiar with such applications.
The malware creates rogue Internet Explorer shortcuts on the desktop, which open the browser with an obscure search engine set as the home page.

The hackers make money when users perform searches via this site. Past attacks have shown that methods like this can significantly increase the PageRank of the websites involved.

Furthermore, the malware also drops shortcuts for taobao.com, the Chinese equivalent of eBay, which open the site through a referral link.
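A defender-side check for the artefacts described above, written for this article as an added example (it is not code from Websense or from the malware analysis). The two file paths are the ones the article names; the shortcut heuristic (an Internet Explorer shortcut carrying a URL argument, or any shortcut pointing at taobao.com) is an assumption about how the rogue desktop shortcuts are built, and the home-page registry value is read only so it can be compared with what the user expects.

```powershell
# Added example, not from the original write-up.
# 1. Dropped files named in the article.
$dropped = @(
    'C:\Program Files\Internet Explorer\update.exe',
    'C:\Program Files\imetool\imetool.exe'
)
foreach ($p in $dropped) {
    if (Test-Path -LiteralPath $p) {
        Write-Output "Dropped file present: $p"
    }
}

# 2. Desktop shortcuts (per-user and all-users desktop).
# Assumption: rogue .lnk files launch iexplore.exe with a URL as argument,
# and the taobao.com referral may be a .lnk or a .url Internet shortcut.
$shell = New-Object -ComObject WScript.Shell
$desktops = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory')
)
foreach ($d in $desktops) {
    Get-ChildItem -LiteralPath $d -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk     = $shell.CreateShortcut($_.FullName)
        $target  = $lnk.TargetPath
        $lnkArgs = $lnk.Arguments
        if ($target -match 'iexplore\.exe$' -and $lnkArgs -match '(https?://|www\.)') {
            Write-Output "IE shortcut with URL argument: $($_.FullName) -> $lnkArgs"
        }
        if (($target + ' ' + $lnkArgs) -match 'taobao\.com') {
            Write-Output "taobao.com shortcut: $($_.FullName) -> $target $lnkArgs"
        }
    }
    Get-ChildItem -LiteralPath $d -Filter '*.url' -ErrorAction SilentlyContinue | ForEach-Object {
        # .url files are INI text; the URL= line holds the destination.
        $url = (Get-Content -LiteralPath $_.FullName | Where-Object { $_ -match '^URL=' }) -replace '^URL=', ''
        if ($url -match 'taobao\.com') {
            Write-Output "taobao.com Internet shortcut: $($_.FullName) -> $url"
        }
    }
}

# 3. Home page currently configured for Internet Explorer (compare with the expected value).
$main  = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
$start = $main.'Start Page'
Write-Output "IE start page: $start"
```

Run it from an elevated PowerShell prompt so the all-users desktop and the Program Files paths are readable; anything it reports should be checked against what the user actually installed, since legitimate shortcuts can also pass a URL to the browser.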
Users are advised to double-check the browser address bar to make sure they are on a website they trust before downloading and installing any executable file.