“OH” “OH” “OH”, Santa Delivering FakeAV Presents

Following on from the latest Captcha techniques used by the W32/Koobface worm, it seems that the malware authors have turned to Santa for help to deliver its nasty surprise, which awaits Facebook users. The infection drops other trojans such as FakeAlert and leaves the user renderless.

It all begins with a post on a user’s Facebook Wall. If the user clicks on the link, they are presented with a fake video player with a Christmas greeting, as shown below.


A fake message states that in order to view the video the user must download the latest version of Adobe Flash. If the user clicks on ‘install’, instead of the Flash player being downloaded, a variant of W32/Koobface runs on the user’s system. Furthermore, the user’s browser is redirected to more harmful sites harboring malicious files, which are automatically installed and executed on the infected system.
The malicious files that are downloaded and executed include FakeAlert trojans. Like its predecessors, this variant displays a fake message stating that the system is infected with various viruses and that the user needs to buy a product to remove them.

Users are advised to avoid installing anything that results from clicking on video links relating to any Christmas greetings.
