FreeVideo Player Trojan


I believe that this software clearly fits the definition of a Trojan Horse. From what I have been able to gather thus far, the apparent motive is profiting from pay-per-click advertising. I do not know and cannot speculate at this time if this is the only motive, the primary motive, or simply a front for more insidious tactics.

The engineering of this Trojan and the social engineering behind its spread appear to me to be far more advanced than typical Web browser exploits and IRC bots. It is clear that we are dealing with a well-organized crime ring that has significant resources at hand, including lots of IP space, bandwidth, as well as talented in-house programmers, sysadmins and marketing analysts. Considering their capability to distribute 301 unique variants of the same malware on a Web server, they clearly have the ability to distribute 301 different ones once enough companies start detecting their current versions. (Not to mention that they have plenty of other "business" taking place on this IP space.)

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Monday, 20th November 2006 11:59PM