Incredible Analysis of Flashback/Flashfake OSX Trojan



04/23/2012




Kevin R. Smith
Co-Editor


In one of the finest examples of research into the workings of malware most people are likely to ever see, Alexander Gostev of Kaspersky Antivirus begins a full analysis of Flashback/Flashfake.

According to Alexander's research, it looks like Flashfake began its infections via hacked WordPress blogs.
From September 2011 to February 2012, Flashfake was distributed using social engineering only: visitors to various websites were asked to download a fake Adobe Flash Player update.
Good ol' social engineering is what duped the first wave of folks into getting infected. (N.B. Typically, these are the types of infections that are blocked by Internet security software.)

Next, it appears actual exploits began being used to spread the Trojan via the hacked WordPress blogs. How many blogs were infected is unclear, but it's at least 30,000 according to a Websense report on the WordPress infections.

Hats off to Kaspersky and Alexander both for the great research and for sharing it.
