Monday, August 22, 2011

Malware Increasingly Creative at Deceiving Facebook Users

Trojans that spread through social networks such as Facebook are becoming more creative at fooling potential victims. One method that has drawn attention is the use of lures, as done by the Trojan identified as Win32/Delf.QCZ.

Security company ESET said this is one variant of a trojan that downloads other malware from the internet. The worm is known to spread through links on social networking sites and to interfere with several security applications in order to disable their detection.

Win32/Delf.QCZ is said to use the old 'fake codec / media player' trick and links to malware-laden sites that spread via Facebook chat. But the malware authors have upgraded it so that it can perform more personal attacks against a user who becomes a target.

Win32/Delf.QCZ does not only appear as a spam message seemingly sent by one of our Facebook friends, or as a generic wall post on Facebook such as "WOW! http://_malicious_link_"; the malware that sends Win32/Delf.QCZ also fakes a conversation with us before sending the malicious URL.

The link leads to a web page that looks similar to YouTube, and the malware usually requires the user to upgrade Adobe Flash Player first in order to watch the video that was sent.

To be more convincing and to arouse the curiosity of potential victims, they are asked to run the malware that was sent. The name of the user shown as having submitted the video is false and is, of course, obtained from Facebook. The video that is sent is also given an additional title that appears sensational.


The spreading vector used by Win32/Delf.QCZ is very effective and interesting because its payload is presented as a video, which makes it deceptive. This Trojan can be categorized as a fake antivirus, but its attack scenario differs from that of typical rogue AV: it does not try to persuade the user to purchase a rogue security application.

Win32/Delf.QCZ instead impersonates the genuine antivirus already installed on the victim's computer. This can be seen from the virus attack warning it displays, which is made to look as if it came from the existing antivirus on the victim's computer, while that antivirus has already been removed.

Win32/Delf.QCZ then acts as a Trojan downloader for other malware, known to be a robust backdoor, which exploits the computer once the antivirus application has been turned off.

According to ESET on Friday (19/08/2011), there are of course financial motives behind this scenario. The perpetrators who use Win32/Delf.QCZ are possibly part of a commercial scheme with a pay-per-install payment model, or the Trojan may be a tool to facilitate the installation of third-party malware for financial gain.

ESET's antivirus security applications detect and remove the Win32/Delf.QCZ threat before the Trojan manages to spread, and extend the functionality of HIPS (Host Intrusion Prevention System) to protect sensitive areas of the Windows OS.
