Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Trojan masquerades as Adobe Flash Player on Facebook

January 21, 2014

Russian anti-virus company Doctor Web is warning users that Trojan.Zipvideom.1 is being spread intensiThe program installs malicious extensions to Mozilla Firefox and Google Chrome in an infected system. These plug-ins hinder web browsing and display annoying ads.

The malicious program Trojan.Zipvideom.1 gets onto computers under the guise of an update for the Adobe Flash browser plug-in. Also, according to users, in early 2014 samples of these Trojans were also being spread by means of Facebook spam. There is reason to believe that the author of the Trojan speaks Turkish.

If the user agrees to update Adobe Flash Player, the first Trojan component—FlashGuncelle.exe—is downloaded to the computer. Simultaneously, the malware displays a fake Adobe Flash Player installation progress window.

After that, FlashGuncelle.exe connects to the criminals' server and downloads another Trojan component, a dropper that installs and launches several other components of the malignant program. They include Flash_Plugin.exe, which modifies the system registry branch responsible for the automatic launch of applications, and then downloads and installs plug-ins for Mozilla Firefox and Google Chrome.

The plug-ins impede web browsing, display ads and can also download other unwanted software onto the computer. It has been discovered that when web pages of popular social networking websites (Twitter, Facebook, Google, YouTube, VKontakte) are loaded into a browser window, these plug-ins also download dubious Java scripts.

To avoid getting infected with Trojan.Zipvideom.1, users are encouraged to download updates and other software only from official sites and to use an anti-virus that will block the installation of malicious files.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040