The case of Trojan.FakeAV.LVT gives a new dimension to engineering
social. Its deployment is extremely complex: a window
Facebook chat, friend commits a conversation with the person targeted.
The conversation starts with questions like "Hi, how are you
? "," Is that you in this video? "Or" You want to see? "Followed a link to
a video meant to represent the person targeted.
Clicking the link brings up a page containing a YouTube video
with the target name in title (directly out of his Facebook profile).
In addition, some friends of the target (whose names are taken from the list
Facebook friends) are reported to have commented on
the video.
If the target click to see the movie, he or she will be invited (e) to download a
new version of Flash Player, because the currently installed version
is "outdated." In reality, the download installs a Trojan on
the user's PC.
Malicious code added to the list of firewall authorized applications,
and sometimes the firewall itself is disabled. All notifications
produced by the firewall and antivirus installed on the PC will be disabled,
depriving the system of protection. The Trojan displays a
warning window and requires a system reboot to
destroy the alleged virus. An update mechanism allows complex
the malicious code to remain unnoticed and add constantly
new components of malware.
social. Its deployment is extremely complex: a window
Facebook chat, friend commits a conversation with the person targeted.
The conversation starts with questions like "Hi, how are you
? "," Is that you in this video? "Or" You want to see? "Followed a link to
a video meant to represent the person targeted.
Clicking the link brings up a page containing a YouTube video
with the target name in title (directly out of his Facebook profile).
In addition, some friends of the target (whose names are taken from the list
Facebook friends) are reported to have commented on
the video.
If the target click to see the movie, he or she will be invited (e) to download a
new version of Flash Player, because the currently installed version
is "outdated." In reality, the download installs a Trojan on
the user's PC.
Malicious code added to the list of firewall authorized applications,
and sometimes the firewall itself is disabled. All notifications
produced by the firewall and antivirus installed on the PC will be disabled,
depriving the system of protection. The Trojan displays a
warning window and requires a system reboot to
destroy the alleged virus. An update mechanism allows complex
the malicious code to remain unnoticed and add constantly
new components of malware.
Aucun commentaire:
Enregistrer un commentaire