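Comment: A bitcoin ban in China is nothing new, a bitcoin ban in the US is not believable, and malware like this does not seem hard to guard against.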
Fake US Government Bitcoin Ban Spreading Malware on Social Media
If you’re doing your usual rounds on social media, you may want to look out. There’s some malware spreading via a link to a story that says the United States Government is banning bitcoin, as reported by security firm Malwarebytes.
Obviously, the story isn’t true, but that won’t stop curious people from clicking on the links.
The shortened link takes the user to a pretty legitimate-looking video from the Wall Street Journal on the topic of bitcoin being shut down by the feds, except that the user isn’t on the Wall Street Journal’s homepage.
Instead, they’re on a site belonging to a Thai business, siam-sunrise.com. The video appears to load, and within a few seconds, up comes a fake pop-up for Adobe Flash Player.
When users click “Install”, they’ll receive several files, one of which is Install_Adobe_Flash_Player.exe. But it’s not Flash Player. It is instead a Trojan, and the computer becomes infected just like that.
According to Malwarebytes, it appears to be a remote access Trojan, possibly even related to the DarkComet RAT infection.
Adam Kujawa at Malwarebytes describes:
“…the malware creates an established connection with a remote server and drops additional malware, such as the ‘notepad.exe’ that is found in the Temp folder and beaconing out to the same remote server as the initial Install file.”
Fake Twitter accounts are primarily responsible for the initial distribution of the malware, but then there are the folks who re-tweet without actually reading (or visiting) what’s behind the link.
So if you come across this sort of thing, just don’t click it.
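The behaviour Kujawa describes, a notepad.exe in the Temp folder beaconing to the same server as the installer, can be hunted for in endpoint connection logs. The following Python is an added example, not code from Malwarebytes or the original article; the event fields, host names, user names and addresses are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed sample network-connection events (not taken from the report).
# Field names, hosts and addresses (RFC 5737 documentation ranges) are assumptions.
EVENTS = [
    {"host": "pc-01", "image": r"C:\Users\amy\Downloads\Install_Adobe_Flash_Player.exe", "dest": "203.0.113.7"},
    {"host": "pc-01", "image": r"C:\Users\amy\AppData\Local\Temp\notepad.exe", "dest": "203.0.113.7"},
    {"host": "pc-01", "image": r"C:\Windows\System32\svchost.exe", "dest": "198.51.100.20"},
    {"host": "pc-02", "image": r"C:\Windows\System32\notepad.exe", "dest": "198.51.100.20"},
    {"host": "pc-02", "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe", "dest": "198.51.100.44"},
]

SYSTEM_NAMES = {"notepad.exe", "svchost.exe", "explorer.exe"}  # names malware likes to borrow
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows")
USER_WRITABLE = ("\\appdata\\local\\temp", "\\downloads")


def is_masquerading(image):
    """True for a system-binary name running from outside the Windows directories."""
    path = image.lower()
    return ntpath.basename(path) in SYSTEM_NAMES and ntpath.dirname(path) not in SYSTEM_DIRS


def from_user_writable(image):
    """True when the binary was started from a Temp or Downloads folder."""
    folder = ntpath.dirname(image.lower())
    return any(folder.endswith(marker) for marker in USER_WRITABLE)


def find_shared_beacons(events):
    """Return (host, dest, images) where a masquerading binary and at least one
    other suspicious-path binary on the same host talk to the same remote address."""
    by_peer = defaultdict(set)
    for ev in events:
        if from_user_writable(ev["image"]) or is_masquerading(ev["image"]):
            by_peer[(ev["host"], ev["dest"])].add(ev["image"])
    findings = []
    for (host, dest), images in sorted(by_peer.items()):
        if len(images) > 1 and any(is_masquerading(i) for i in images):
            findings.append((host, dest, sorted(images)))
    return findings


if __name__ == "__main__":
    for host, dest, images in find_shared_beacons(EVENTS):
        print(f"{host}: {len(images)} binaries beaconing to {dest}: {images}")
```

The legitimate System32 notepad.exe and the lone Temp installer on pc-02 are not reported; only the pairing of a misplaced notepad.exe with a second binary contacting the same address is.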
Permalink for this article: 三个硬币 |
http://www.3-coin.com/2014-05-23/2034/