    Flyer containing link to malicious website. Image taken from GrandForksHerald.com

    The social engineering technique used in this attack takes form not on the World Wide Web, but on a flyer pinned on a car windshield.

    The URL stated in the flyers is inaccessible as of this writing. However, previous reports have indicated that the page displayed images of several cars on parking lots, with the following text:

    To view pictures of your vehicle in Grand Forks, North Dakota download here: CLICK ME FOR THE PICTURE SEARCH TOOLBAR

    Clicking the link CLICK ME FOR THE PICTURE SEARCH TOOLBAR on the page triggers the installation of the file PictureSearchToolbar.exe, which is detected as TROJ_BHO.TW. It extracts a malicious DLL file, which in turn is detected as TROJ_DLOADER.UTI.

    TROJ_DLOADER.UTI then attempts to connect to the malicious domain www.{BLOCKED} to download another malicious DLL file: apstpldr.dll. This file is also detected as TROJ_DLOADER.UTI.

    apstpldr.dll is also installed as a Browser Helper Object (BHO) on the affected system. Once the user reboots the system and connects to the Internet, a message box appears alerting the user of a malware infection.
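
Because the downloader persists as a BHO, the registered BHOs on a suspect machine are worth listing. The PowerShell below is an added example, not Trend Micro's code: it reads the standard BHO registry keys, resolves each CLSID to its DLL, and reports signature status. The function name `Get-BhoAudit` and the `$WatchList` variable are hypothetical; the only file name on the list is the one named in this post.

```powershell
# Added example: inventory Browser Helper Objects (BHOs) registered for Internet Explorer.
# Run from a 64-bit PowerShell session so both registry views are visible.
$WatchList = @('apstpldr.dll')   # file name taken from the write-up above

$Views = @(
    @{ Name  = 'native'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Name  = '32-bit'
       Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-BhoAudit {
    foreach ($view in $Views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $server = Join-Path $view.Clsid "$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 names the DLL loaded into the browser.
                $dll = (Get-Item -LiteralPath $server).GetValue('')
                if ($dll) { $dll = ([string]$dll).Trim('"') }
            }
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
            $sig    = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $dll).Status.ToString() } else { 'n/a' }
            [pscustomobject]@{
                View      = $view.Name
                Clsid     = $clsid
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = $sig
                Watched   = [bool]($dll -and ($WatchList -contains (Split-Path -Leaf $dll)))
            }
        }
    }
}

# Watch-listed, unsigned or missing DLLs are the entries to review first.
Get-BhoAudit | Format-Table -AutoSize
```
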

    Clicking the OK button in the message directs the user to a rogue AV website, where the user is greeted with fake security alerts. The unknowing user is then prompted to download the file InstallAVg_.exe. The downloaded file is a rogue AV detected as TROJ_FAKEAV.TJ.

    Cybercriminals are really doing what they can to get past users’ careful judgment. Using a social engineering technique that is not computer-related, they are able to lure users into malicious domains. Users are advised to be vigilant and wary of these schemes, as a malware scheme need not start in front of a computer, or even at home.

    The Trend Micro Smart Protection Network now blocks the malicious domain involved in this attack.

    Initially reported by
    Image taken from



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice