
Archive for June 25th, 2007


Jun25

If you need to download a Shockwave player to view some animation-laden, rich multimedia content on the web, you’d probably download the player from one of the two websites depicted below. Question: from which one are you going to download?


AdobeFakeWeb.jpg


AdobeRealWeb.jpg



We’ve raised this question because of a new report regarding a fake Adobe Shockwave Player download site. Yes, one of the websites depicted above is a fake, supposedly hosting a Trojan that Trend detects as TROJ_DROPPER.HRZ. So instead of installing Shockwave Player, the unsuspecting user would end up installing a Trojan and compromising his system.

As for their social engineering tactic, the perpetrators behind this malware take advantage of the ordinary user’s naiveté. The close likeness of the fake website to the real one is meant to capture the user’s trust and lure him into clicking the download link. Furthermore, the fake site tries to keep the user from viewing the page’s HTML source, although only in a limited way: it contains JavaScript code that denies access to the context (popup) menu by disabling the right mouse click. However, the HTML source can still be viewed by selecting View and then Source from the main menu in Internet Explorer.


DisableCode.jpg


Similar incidents have happened in the past, most recently a fake WinRAR download site. Just in case you’re still wondering which one is the fake website, it’s the one at the top.
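
The right-click suppression described above leaves recognisable markers in a page's source. As an added example (not code from the original post or from Trend Micro), this Node.js sketch flags those markers; the pattern names and both sample pages are constructed, and since legitimate sites also disable the context menu, a hit is a reason to review the page, not a verdict.

```javascript
// Added example: heuristic scan of page source for right-click suppression.
// Pattern names and the sample pages are constructed for illustration.
const PATTERNS = [
  // <body oncontextmenu="return false"> and similar inline attributes
  { name: "inline-oncontextmenu",
    re: /<[^>]+\boncontextmenu\s*=\s*["']?\s*return\s+false/i },
  // document.oncontextmenu = ... assigned from script
  { name: "dom-oncontextmenu-assignment",
    re: /\b(?:document|window|body)\s*\.\s*oncontextmenu\s*=(?!=)/i },
  // addEventListener("contextmenu", ...) in newer pages
  { name: "contextmenu-listener",
    re: /addEventListener\s*\(\s*["']contextmenu["']/i },
  // Older mouse handlers that test for the right button
  { name: "legacy-button-check",
    re: /\b\w+\s*\.\s*(?:button\s*===?\s*2|which\s*===?\s*3)\b/i },
];

// Returns [{ line, pattern }] for each marker found. Matching is per line,
// so a tag or statement split across lines can be missed.
function findRightClickBlocking(html) {
  const hits = [];
  html.split(/\r?\n/).forEach((text, i) => {
    for (const { name, re } of PATTERNS) {
      if (re.test(text)) hits.push({ line: i + 1, pattern: name });
    }
  });
  return hits;
}

// Constructed sample: a page that blocks the context menu three ways.
const suspectPage = [
  "<html><head><script>",
  "function blockClick(e) {",
  "  if (e.button == 2) { return false; }",
  "}",
  "document.onmousedown = blockClick;",
  "document.oncontextmenu = function () { return false; };",
  "</script></head>",
  '<body oncontextmenu="return false"><a href="#">Download</a></body></html>',
].join("\n");

// Constructed sample: a plain download page with no suppression.
const plainPage = '<html><body><a href="/download">Download</a></body></html>';

console.log(findRightClickBlocking(suspectPage));
console.log(findRightClickBlocking(plainPage));
```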

 

Jun25
by Carolyn Guevarra (Technical Communications)

While the recent Italian job uproar has yet to settle down, a new attack is trying to cause a stir again in Italy. This time, it is a spam attack. Seems like the Web bullies are not about to back down on Italy just yet.

The malicious email capitalizes on the much-awaited releases of Harry Potter's next book and movie installment, which are both scheduled this July. The said email message promotes the next Harry Potter movie, saying that clicking the attachment gives the recipients a chance to win two seats to the movie premiere. However, instead of getting movie passes, users who click on the attachment get an HTTP downloader.

Based on initial analysis by Senior AV researcher David Sancho, this malware connects to a malicious Web site to download other malware into the affected user's computer. Trend Micro detects this downloader as TROJ_DLOADER.NKY.

The promotion is said to be only for Italy, which indicates that the attack is yet again targeted at the said region. But regardless of where the attack is targeted, users should be wary of the said email message. TrendLabs is currently working to provide an in-depth analysis for this new threat. Updates to be posted soon.

Update: Here is the snapshot of the email.

Harry_Potter.JPG

 

