Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    Thinking of updating your web browsers? Just make sure that you download from legitimate sources, instead of downloading malware disguised as browser updates onto your system.

    Just recently, we were alerted to a report of several websites offering updates for Internet browsers like Firefox, Chrome, and Internet Explorer just to name some. Users may encounter these pages by clicking malicious ads.

    The bad guys behind this threat made an effort to make this ruse appear legitimate. These pages, as seen below, were made to look like the browsers’ official sites. To further convince users to download the fake update, the sites even offers an integrated antivirus protection:

    Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload.

    The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saved it as {Browser Download Path}\install.exe. Based on our initial analysis, the Trojan modifies the user’s Internet Explorer home page to http://{BLOCKED}rtpage.com, a site that may host other malicious files that can further infect a user’s system.

    My colleague Bob Pan attempted to access the related sites via mobile devices. Most of his attempts resulted to an error prompt, except when he tried using devices with Android version 2.3+, in which he was able to download the same file downloaded via a system.

    Using the feedback from Smart Protection Network™ , we uncovered that as of Nov. 23, 2012, France has the most number of infection, followed by the United States and Spain.

    Country Number of Infection
    France 561
    USA 473
    Spain 192
    Mexico 48
    Australia 22

    Software vendors release updates regularly to ensure that users get the latest features and improvements. But cybercriminals, unfortunately, may use this as a social engineering lure to hook users into downloading malware. It doesn’t help that these guys are making an effort to make their bogus sites look exactly like the real deal. Last October, we were alerted to legitimate-looking sites offering fake updates for Adobe, which is detected as TSPY_FAREIT.SMC.

    To avoid this ruse, users must exclusively download updates from a legitimate source or the software vendor’s official websites. Many browsers also include an integrated auto-update feature. Users should also avoid clicking ads or visiting unknown URLs.

    Trend Micro Smart Protection Network™ protects users from this threat by blocking access to these malicious sites. It also detects and deletes JS_DLOADR.AET and TROJ_STRATPA.AET if found in a user’s system.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    • SlimBoat

      Hi! Thanks for sharing ..

      You try at once Slimboat.

      SlimBoat
      is a free web browser that is fast, secure and loaded with powerful features.
      It is fast to start up and fast to open your favorite web sites. SlimBoat helps
      you surf the internet safely and securely by incorporating multiple layers of
      protection measures. SlimBoat also includes tons of powerful functions and
      flexible options so that you can reach your favorite destination on Internet in
      the most convenient way while avoiding unnecessary distractions and annoyances.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice