Quote
Trend Micro threat analysts were alerted to the discovery of a spyware (detected as TSPY_EBOD.A) purporting to be an Adobe Flash Player update. Upon execution, the spyware creates a Firefox add-on called “Adobe Flash Player 0.2,” the installer of which uses JavaScript (detected as JS_EBOD.A) and appears to spread via forum posts....
http://blog.trendmicro.com/firefox-addo-sp...search-results/
Quote
...this new Firefox threat, which Trend Micro calls TSPY_EBOD.A, is using social engineering to trick users into installing it.
The extension is being offered on various forums via JavaScript as an Adobe Flash Player update. Once installed, it appears in the Add-ons Management window under the Extensions tab as "Adobe Flash Player 0.2." It is worth noting that the real Flash Player add-on for Firefox is actually a plug-in, which is listed under the Plugins tab as "Shockwave Flash [version number]."
This new piece of malware is actually a click fraud trojan, which injects ads into Google search-result pages. When these ads are clicked, the trojan's authors are receiving a small fee from the advertising network supplying them. ...
http://news.softpedia.com/news/Click-Fraud...on-120430.shtml
Additional information
Quote
...So how do you know if you have this trojan on your system? Any of these signs indicate that you’re infected:
* A running process named smc.exe Edit: Sygate Firewall also uses this process name so this is not a reliable indicator of infection.
* A Firefox plugin named “Adobe Flash Player 0.2”
* Having recently installed a file called install_flash_player.exe or Install_Flash.exe from an unknown source ...
http://blog.misec.net/2009/08/25/fake-adob...oogle-searches/
This post has been edited by tork: 30 August 2009 - 08:57 AM
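
The quoted reports note that the fake update is listed as an extension, while genuine Flash is a plug-in. As an added example (not from the original post or the quoted vendors), the Python below walks a Firefox profile's extensions folder and flags any manifest that presents itself as Flash Player. The legacy install.rdf layout and the split of the label into name "Adobe Flash Player" plus version "0.2" are assumptions, and the sample extension IDs are constructed.

```python
import os, tempfile
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"  # namespace of em:name / em:version
RDF = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
       'xmlns:em="http://www.mozilla.org/2004/em-rdf#">'
       '<Description about="urn:mozilla:install-manifest"><em:id>{id}</em:id>'
       '<em:name>{name}</em:name><em:version>{ver}</em:version></Description></RDF>')

def read_manifest(path):
    """Return (name, version) from install.rdf (element or attribute form), else None."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return None
    for node in root.iter():
        name = node.findtext(EM + "name") or node.get(EM + "name")
        if name:
            ver = node.findtext(EM + "version") or node.get(EM + "version") or ""
            return name.strip(), ver.strip()
    return None

def scan_profile(profile_dir):
    """Return (extension_dir, label) for extensions presenting as Flash Player."""
    findings = []
    ext_root = os.path.join(profile_dir, "extensions")
    for entry in (sorted(os.listdir(ext_root)) if os.path.isdir(ext_root) else []):
        manifest = os.path.join(ext_root, entry, "install.rdf")
        if not os.path.isfile(manifest):
            continue
        meta = read_manifest(manifest)
        # A manifest that cannot be parsed is reported too, for manual review.
        label = "unreadable install.rdf" if meta is None else " ".join(meta).strip()
        if meta is None or "flash player" in label.lower():
            findings.append((entry, label))
    return findings

def build_sample_profile(root):
    """Constructed data: one benign extension and one labelled like the fake."""
    for ext_id, name, ver in [("benign@example.invalid", "Tab Helper", "1.4"),
                              ("fake@example.invalid", "Adobe Flash Player", "0.2")]:
        ext_dir = os.path.join(root, "extensions", ext_id)
        os.makedirs(ext_dir)
        with open(os.path.join(ext_dir, "install.rdf"), "w", encoding="utf-8") as f:
            f.write(RDF.format(id=ext_id, name=name, ver=ver))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_profile(build_sample_profile(tmp)))
```

A hit on the name is a prompt to inspect the extension, not proof of infection; the name match relies on the point made in the quotes that real Flash never appears under the Extensions tab.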