Flash, Large Hadron Collider and Malware

Filed Under: Malware, SophosLabs

You must be wondering what these three have in common. They all appeared together in a special spam message today, in the latest incarnation of malware masquerading as a Flash Player plug-in.

This message appears very dodgy from the start:

Wow, don't ask me how I get this video, but it's realy cool

http://mytinyurl.net/<hidden>

Once the link is clicked, we are redirected to another page, which claims to play a cool video of the Large Hadron Collider.

Of course, since this video is so "cool" and "new", we don't seem to have the correct Flash plugin for the movie, so we are asked to update it.

Far from watching the world's largest particle accelerator in action, we get another boring old piece of malware.

This so-called Flash update is malicious. We detect this malware as Troj/TDSS-BP.

Apparently 917130 people have already been infected... oops, already watched this great video. ;-)
