Cybercriminals have long used videos as a lure to get unsuspecting users to download and install malware onto their systems. Recently, however, a new variant has appeared that differs just a little from the usual modus operandi.
TROJ_SMALL.UY, at first glance, appears to be a fairly standard piece of malware that is installed by claiming it’s needed to play a video. There’s one difference, though: TROJ_SMALL.UY, which poses as an installer for Adobe Flash Player, does appear to actually install Adobe Flash Player.
In fact, TROJ_SMALL.UY goes to a fair amount of trouble to look like a legitimate program. Consider, first of all, the page from which it can be downloaded:
Whoever was behind this Trojan went to a lot of effort to replicate the look and feel of the real Adobe site, and even used a domain name very close to the word Adobe.
The same is true for the installer:
Similarly, some effort has been made here to replicate a legitimate Windows installer. It wouldn’t be too hard to conclude that this was a legitimate installer for Adobe Flash Player. It even adds an uninstaller in the Control Panel, after all!
While TROJ_SMALL.UY may indeed install Adobe Flash Player, something extra comes along for the ride: it also drops a DLL file that’s detected as TROJ_DLOADER.ZEK. Because this is a Trojan downloader, in practice the affected system is left wide open to any malware threat.
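The lookalike domain described above is something defenders can screen for in proxy or download logs. The following Python is an added example, not part of the original post; the trusted-domain list, the digit-for-letter map and the sample URLs (all on reserved TLDs) are constructed assumptions.

```python
from urllib.parse import urlsplit

BRAND = "adobe"                 # brand imitated in the post
OFFICIAL = {"adobe.com"}        # assumption: the only trusted registrable domain
FOLD = str.maketrans({"0": "o", "3": "e", "4": "a"})  # assumed digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in OFFICIAL or any(host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Compare every dot- or hyphen-separated piece of the host with the brand.
    pieces = host.replace("-", ".").split(".")
    if any(edit_distance(p.translate(FOLD), BRAND) <= 1 for p in pieces):
        return "lookalike"  # also covers the exact brand name on a foreign domain
    return "unrelated"

def flag(urls):
    """Keep only the URLs whose host imitates the brand."""
    return [u for u in urls if classify(u) == "lookalike"]

# Constructed sample URLs; none of them come from the original post.
SAMPLES = [
    "https://get.adobe.com/flashplayer/",
    "http://ad0be.example/flash/install_flash_player.exe",
    "http://get.adobee-flash.test/setup.exe",
    "https://adobe.com.downloads.example/player.exe",
    "http://videos.example/clip.html",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```

A distance of one also matches unrelated words such as "adore", so hits are leads for review rather than verdicts.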