Cybercriminals have long used videos as a lure to get unknowing users to download and install malware onto their systems. Recently, however, a new variant came up that differs just a little from the usual modus operandi.

TROJ_SMALL.UY, at first glance, appears to be a fairly standard malware that’s installed by claiming it’s needed for a video. There’s one difference, though: TROJ_SMALL.UY, which poses as an installer for Adobe Flash Player, does appear to actually install Adobe Flash Player.

In fact, TROJ_SMALL.UY goes to a fair amount of trouble to look like a legitimate program. Consider, first of all, the page where it can be downloaded from:

Whoever was behind this Trojan went to a lot of effort to replicate the look and feel of the real Adobe site, and even used a domain name very close to the word Adobe.

The same is true for the installer:

Similarly, some effort has been made here to replicate a legitimate Windows installer. It wouldn’t be too hard to conclude that this was a legitimate installer for Adobe Flash Player. It even adds an uninstaller in the Control Panel, after all!

While TROJ_SMALL.UY may indeed install Adobe Flash Player, something extra is along for the party: it also drops a DLL file that’s detected as TROJ_DLOADER.ZEK. As this is a Trojan downloader, as a practical matter this means that the field is wide open to any malware threat.

While the website hosting this modified Flash Player is already blocked through the Smart Protection Network, it’s doubtful this is the last we’ll see of this particular threat.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!