« Flashback Checker & Removal Tools (or Why Antivirus Software is a Good Thing) | Main | Temporary Fix to Avira Antivirus / Internet Security 2012 Blocking Applications »
04/23/2012
Incredible Analysis of Flashback/Fakeflash OSX Trojan
Kevin R. Smith
Co-Editor
Co-Editor
In one of the finest examples of research into the workings of malware most people are likely to ever see, Alexander Gostev of Kaspersky Antivirus begins a full analysis of Flashback/Flashfake.
According to Alexander's research, it looks like Flashfake began its infections via hacked Wordpress blogs.
Next, it appears actual exploits began being used to spread the Trojan via the hacked Wordpress blogs. How many blogs were infected, but it's at least 30,000 according to a Websense report on the Wordpress infections.
Hats off to Kaspersky and Alexander both for the great research and for sharing it.
According to Alexander's research, it looks like Flashfake began its infections via hacked Wordpress blogs.
Good ol' social engineering is what duped the first wave of folks into getting infected. (N.B. Typically, these are the types of infections that are blocked by Internet security software.)From September 2011 to February 2012, Flashfake was distributed using social engineering only: visitors to various websites were asked to download a fake Adobe Flash Player update.
Next, it appears actual exploits began being used to spread the Trojan via the hacked Wordpress blogs. How many blogs were infected, but it's at least 30,000 according to a Websense report on the Wordpress infections.
Hats off to Kaspersky and Alexander both for the great research and for sharing it.
The comments to this entry are closed.
Comments