Shapeshifter Trojan disables then mimics anti-virus

OMG! You're on YouTube!

A clever trojan is targeting Facebook users with a fake YouTube video that replaces a victim's anti-virus programs with a malicious replica.

The malware destroys a victim's original anti-virus program and installs a replica of any of the 16 most popular anti-virus applications from the likes of Symantec, McAfee and BitDefender.

It even maintains the same language and look and feel of the original anti-virus.

The replica program is installed on restart and, despite stealing the look and feel of the original, lacks all functionality.

Instead it downloads and distributes malware and recruits the computer into a botnet.

Yet the distribution method is even more impressive.

The malware spreads by a fake Adobe Flash Player update embedded into a YouTube video that promises to show victims captured in an embarrassing act.

The video taps into a victim's Facebook network and posts fake comments, ostensibly from the victim's friends, underneath the video to lend credence to the scam.

BitDefender research lead Catalin Cosoi said the social engineering trick was impressive.

Victims are served the Trojan.FakeAV.LVT when they download the purported Adobe Flash update, normally used in legitimate YouTube videos, to view the footage.

"And to make matters worse, the infected fake YouTube video contains your full name in its title, correctly spelt as it appears on your Facebook profile," Cosoi said.

"Fake anti-virus solutions used to be easy to spot, as they’re often completely different to the one that you have installed onto your system. However, Trojan.FakeAV.LVT is clever as it is capable of replicating almost any anti-virus or online security software on the market today."

Cosoi said users should only download Flash updates through the Adobe website.

Copyright © SC Magazine, Australia

