January 21, 2014
The malicious program Trojan.Zipvideom.1 gets onto computers under the guise of an update for the Adobe Flash browser plug-in. According to users, in early 2014 samples of these Trojans were also being spread by means of Facebook spam. There is reason to believe that the author of the Trojan speaks Turkish.
If the user agrees to update Adobe Flash Player, the first Trojan component—FlashGuncelle.exe—is downloaded to the computer. Simultaneously, the malware displays a fake Adobe Flash Player installation progress window.
After that, FlashGuncelle.exe connects to the criminals' server and downloads another Trojan component, a dropper that installs and launches several other components of the malicious program. They include Flash_Plugin.exe, which modifies the system registry branch responsible for the automatic launch of applications, and then downloads and installs plug-ins for Mozilla Firefox and Google Chrome.
The plug-ins impede web browsing, display ads and can also download other unwanted software onto the computer. It has been discovered that when web pages of popular social networking websites (Twitter, Facebook, Google, YouTube, VKontakte) are loaded into a browser window, these plug-ins also download dubious JavaScript files.
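The chain described above (component execution, autorun registry change, browser plug-in installation) can be triaged from endpoint telemetry. The following is an added example, not code from Doctor Web: the two file names come from the article, while the Run key path, the `.xpi`/`.crx` suffixes, the event layout and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Component file names as given in the article.
COMPONENTS = {"flashguncelle.exe", "flash_plugin.exe"}
# Assumption: the "automatic launch" branch is one of the standard Run keys.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
# Assumption: plug-ins arrive as Firefox .xpi / Chrome .crx packages.
EXT_SUFFIXES = (".xpi", ".crx")
BROWSERS = {"firefox.exe", "chrome.exe"}

# Constructed sample events in a simplified, Sysmon-like shape.
EVENTS = [
    {"host": "pc-01", "type": "process", "image": r"C:\Users\a\Downloads\FlashGuncelle.exe", "target": ""},
    {"host": "pc-01", "type": "process", "image": r"C:\Users\a\AppData\Local\Temp\Flash_Plugin.exe", "target": ""},
    {"host": "pc-01", "type": "registry", "image": r"C:\Users\a\AppData\Local\Temp\Flash_Plugin.exe",
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Flash"},
    {"host": "pc-01", "type": "file", "image": r"C:\Users\a\AppData\Local\Temp\Flash_Plugin.exe",
     "target": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\extensions\addon.xpi"},
    {"host": "pc-02", "type": "file", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "target": r"C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\y.default\extensions\ok.xpi"},
    {"host": "pc-03", "type": "registry", "image": r"C:\Program Files\Vendor\updater.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
]

def stages(event):
    """Return the infection-chain stages a single event matches."""
    name = ntpath.basename(event["image"]).lower()
    target = event["target"].lower()
    hits = set()
    if event["type"] == "process" and name in COMPONENTS:
        hits.add("component_run")
    if event["type"] == "registry" and RUN_KEY in target and name not in BROWSERS:
        hits.add("autorun_write")
    if event["type"] == "file" and target.endswith(EXT_SUFFIXES) and name not in BROWSERS:
        hits.add("extension_drop")
    return hits

def triage(events, threshold=2):
    """Group stage hits per host; report hosts matching >= threshold stages."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(stages(ev))
    return {h: sorted(s) for h, s in per_host.items() if len(s) >= threshold}

if __name__ == "__main__":
    for host, matched in triage(EVENTS).items():
        print(host, matched)
```

Requiring two or more stages keeps a lone autorun write by a legitimate updater, or a browser installing its own extension, from raising an alert.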
To avoid getting infected with Trojan.Zipvideom.1, users are encouraged to download updates and other software only from official sites and to use an anti-virus that will block the installation of malicious files.