January 21, 2014

Russian anti-virus company Doctor Web is warning users that Trojan.Zipvideom.1 is being spread intensiThe program installs malicious extensions to Mozilla Firefox and Google Chrome in an infected system. These plug-ins hinder web browsing and display annoying ads.

The malicious program Trojan.Zipvideom.1 gets onto computers under the guise of an update for the Adobe Flash browser plug-in. Also, according to users, in early 2014 samples of these Trojans were also being spread by means of Facebook spam. There is reason to believe that the author of the Trojan speaks Turkish.

If the user agrees to update Adobe Flash Player, the first Trojan component—FlashGuncelle.exe—is downloaded to the computer. Simultaneously, the malware displays a fake Adobe Flash Player installation progress window.

After that, FlashGuncelle.exe connects to the criminals' server and downloads another Trojan component, a dropper that installs and launches several other components of the malignant program. They include Flash_Plugin.exe, which modifies the system registry branch responsible for the automatic launch of applications, and then downloads and installs plug-ins for Mozilla Firefox and Google Chrome.

The plug-ins impede web browsing, display ads and can also download other unwanted software onto the computer. It has been discovered that when web pages of popular social networking websites (Twitter, Facebook, Google, YouTube, VKontakte) are loaded into a browser window, these plug-ins also download dubious Java scripts.

To avoid getting infected with Trojan.Zipvideom.1, users are encouraged to download updates and other software only from official sites and to use an anti-virus that will block the installation of malicious files.