Trojan Delivered in Fake Software Update

Monday, March 9, 2015 @ 03:03 PM gHale


A new malware delivery campaign is shipping out a password-stealing Trojan that can also download additional malware.

This campaign is targeting users who’s DNS server settings end up changed to redirect them to malicious sites without their knowledge, said researchers at F-Secure. This can be the result of a previous compromise of their routers via malware such as the DNSChanger Trojan, or a malvertising campaign.

RELATED STORIES
Huge Botnet Disabled
Malware Couples with Backdoor Trojan
Botnets Continue their Rise
IBM Patches Mobile Offering

However it happened, these users are now in danger of the malware called Fareit.

“When the DNS server settings have been changed to point to a malicious server used by Fareit, the unsuspecting user visiting common websites gets an alert saying ‘WARNING! Your Flash Player may be out of date. Please update to continue’,” F-Secure researchers said.

Users then see a legitimate looking, but malicious, download page.

Those who don’t know that a software named Flash Player Pro actually doesn’t exist could end up tricked into downloading and running the offered file (setup.exe).

Victims should be aware if they don’t restore the router’s DNS server settings to what they should be, they are likely to suffer from more infection attempts.

F-Secure researchers suggested taking the following steps: Disconnect the router from the Internet and reset it; change the router password on the router; disable its remote administration feature; update its firmware; reboot the computer to flush the DNS cache, and scan the computer using an up-to-date antivirus solution.



Leave a Reply

You must be logged in to post a comment.