BitDefender, a provider of Internet security offerings, has discovered a new online threat that uses very sophisticated social engineering techniques to uninstall the antivirus solution from a user’s system while adding that system to a botnet of infected machines.
The Trojan, dubbed Trojan.FakeAV.LVT, tricks unsuspecting Facebook users into believing that a video about them has been posted on YouTube.
The video appears extremely convincing, as it also contains multiple mocked-up comments from the user’s Facebook friends, and if infected, the fake YouTube video contains the user’s full name, correctly spelt, in its title.
As you try to watch the movie, the Trojan prompts you to install an ‘updated version’ of the Flash player plugin, which in fact carries a rogue – or fake – antivirus (AV) offering with both malware downloader and botnet capabilities that enable it to continue spreading.
The fake AV is capable of impersonating the look and feel of 16 different security offerings currently on the market and asks you to reboot your system in order to complete the install.
Upon restarting, however, the genuine AV offering on the system is uninstalled and completely replaced by a high-quality replica that not only lacks AV functionality, but also uses the infected PC to spread malware to others.
BitDefender’s antimalware research lab head Catalin Cosoi said Trojan.FakeAV.LVT is deceptively clever as it is capable of replicating almost any antivirus or online security software on the market today.
"To guard against these cunning new threats, BitDefender recommends downloading Flash-related updates through the Adobe website, instead of through a redirect link," Cosoi said.
"If you are unsure whether the video is legitimate, it’s best to go directly to YouTube and search for the video’s existence."