4/05/2011

Malicious files disguised as installation files of famous overseas anti-virus products identified

1. Introduction

Recently, a Russian site was identified as the source distributing malicious files disguised as famous anti-virus software.
Executing the downloaded file can cause financial damage to the user; fortunately, no cases of damage have been reported in South Korea so far.
As scam techniques grow more sophisticated, users who install overseas anti-virus software need to be careful when downloading and installing it.
  
2. Spreading path and symptoms of infection

A malicious file disguised as an installation file has been found being distributed from a Russian web site.



The icons of famous anti-virus products appear in the red square; clicking an anti-virus product moves the current page to the following site.
Clicking the related link downloads a malicious file masquerading as famous overseas anti-virus software.



* Downloadable fake anti-virus malicious files



This site already hosts various malicious files disguised as setup files of famous anti-virus products; when executed after download, they all show the same activation code field.



Clicking "Payment Terminals" opens another window for micropayment via SMS, which can cause financial damage to the user.



3. How to prevent

Cybercrime, especially for financial gain, is booming these days.
To use a PC safely against the security threats posed by these malicious files and by social engineering, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions and runs a response system against various security threats.