Welcome Guest [Log In] [Register]

Kia Ora
You are currently viewing our forum as a guest. This means you are limited to certain areas of the board and that there are some features you can't use or read.

We are an active community of worldwide senior members participating in chat, politics, travel, health, blogging, graphics, computer issues & help, book club, literature & poetry, finance discussions, recipe exchange and much more. Also, as a member you will be able to access member only sections, many features, send personal messages, make new friends, etc.

Registration is simple, fast and completely free. Why not register today and become a part of the group. Registration button at the very top left of the page.

Thank you for stopping by.

Join our community!

In case of difficulty, email worldwideseniors.org@gmail.com.
If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
Click Fraud Trojan Distributors Borrow Scareware Techniques
Topic Started: Jul 13 2011, 02:33 PM (93 Views)
Deleted User
Deleted User

Quote:
 
Click Fraud Trojan Distributors Borrow Scareware Techniques

Security researchers from GFI warn that cyber criminals pushing click fraud trojans have adopted distribution techniques commonly seen in scareware schemes.

First of all, according to experts, this is one of the first browser-aware schemes used to distribute this type of malware and appears to target Chrome and Firefox users specifically. The trojan, part of the 2GCash family, is distributed from a domain resgistered through a free dynamic DNS provider.

Security researchers don't mention how users end up on this page, but they are most likely taken through several redirects, possibly after clicking on malicious search results. One interesting aspect of this attack is that Internet Explorer users get redirected to usa.gov, a legitimate website, while people using other browsers are served malicious files for download.

For example, Google Chrome users will be prompted to download and install a Flash Player update called v11_flash_AV.exe, even though the browser comes with a bundled Flash plug-in that gets updated regularly. Meanwhile, Firefox users will see a fake "what's new" page that similarly claims that Flash Player is outdated. This mimics the page that normally appears after Firefox is upgraded to a new version and actually performs a check to see if installed plug-ins are up to date.

However, despite warning about an old version of Flash Player, the file served for download is called ff-update.exe. Both files install the same 2GCash variant, a trojan used to perform click fraud and hijack people's search results.


Read more here: http://news.softpedia.com/news/Click-Fraud-Trojan-Distributors-Borrow-Scareware-Techniques-210894.shtml
Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
« Previous Topic · ALERTS, UPDATES, WARNINGS, NEWS · Next Topic »
Add Reply