Flyer containing link to malicious website. Image taken from GrandForksHerald.com

The social engineering technique used in this attack takes form not on the World Wide Web, but on a flyer pinned on a car windshield.

The URL stated in the flyers is inaccessible as of this writing. However, previous reports have indicated that the page displayed images of several cars in parking lots, with the following text:

To view pictures of your vehicle in Grand Forks, North Dakota download here: CLICK ME FOR THE PICTURE SEARCH TOOLBAR

Clicking the link CLICK ME FOR THE PICTURE SEARCH TOOLBAR on the page triggers the installation of the file PictureSearchToolbar.exe, which is detected as TROJ_BHO.TW. It extracts a malicious DLL file, which in turn is detected as TROJ_DLOADER.UTI.

TROJ_DLOADER.UTI then attempts to connect to the malicious domain www.{BLOCKED}dhe.com to download another malicious DLL file: apstpldr.dll. The said file is also detected as TROJ_DLOADER.UTI.

apstpldr.dll is also installed as a BHO (Browser Helper Object) on the affected system. Once the user reboots the system and connects to the Internet, a message box appears alerting the user of a malware infection.

Clicking the OK button in the message directs the user to a rogue AV website, where the user is greeted with fake security alerts. The unknowing user is then prompted to download the file InstallAVg_.exe. The said downloaded file is a rogue AV detected as TROJ_FAKEAV.TJ.
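Both malicious DLLs in this chain persist as Browser Helper Objects, so one practical check on a suspect Windows host is to list every registered BHO, resolve its CLSID to the DLL it loads, and flag any that is unsigned or missing from disk. The script below is an added example for that check; it is not code from the Trend Micro post. It relies only on the standard BHO registration key and the per-CLSID InProcServer32 key, and treats anything without a valid Authenticode signature as worth a closer look (the malware in this post has no signature information on the page, so "unsigned" is a heuristic, not a detection of these specific samples).

```powershell
# Added example, not from the original post: enumerate registered Browser Helper Objects
# and report which DLL each one loads, so an unexpected BHO (such as the one this post
# describes) stands out. Paths are the standard 32/64-bit BHO registration keys.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-RegisteredBho {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid = $key.PSChildName
            # The BHO key only names a CLSID; the DLL path is the default value of
            # HKEY_CLASSES_ROOT\CLSID\{...}\InProcServer32.
            $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
            $dll = $null
            if (Test-Path $inproc) {
                $dll = (Get-ItemProperty -Path $inproc).'(default)'
            }
            # Expand %ProgramFiles%-style variables and strip surrounding quotes.
            $path = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll).Trim('"') } else { $null }
            $exists = [bool]($path -and (Test-Path -LiteralPath $path))
            $status = 'FileMissing'
            if ($exists) {
                $status = (Get-AuthenticodeSignature -FilePath $path).Status
            }
            [PSCustomObject]@{
                Clsid      = $clsid
                Dll        = $path
                Exists     = $exists
                Signature  = $status
                # Unsigned, tampered, or missing DLLs deserve manual review.
                Suspicious = ($status -ne 'Valid')
            }
        }
    }
}

Get-RegisteredBho | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the host under investigation; the `Suspicious` column is a triage aid, and a flagged entry should be confirmed by hashing the DLL and checking it against your AV vendor's detections (here, TROJ_DLOADER.UTI) before removal.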

Cybercriminals are really doing what they can to get past users' careful judgment. Using a social engineering technique that is not computer-related, they are able to lure users into malicious domains. Users are advised to be vigilant and wary of these schemes, as a malware scheme need not start in front of a computer, or even at home.

The Trend Micro Smart Protection Network now blocks the malicious domain involved in this attack.

Initially reported by SANS.org.
© Copyright 2013 Trend Micro Inc. All rights reserved.