When Is Flash-Plugin not a Flash Plugin?

When it’s a FakeAv/Rogueware downloader, of course. An interesting note about the malware served by the ongoing operation covered in many previous posts, which recently moved to 95.211.8.20: since August 1st, the group has been serving executables labelled as flash plugins. It seems their “viewer” theme (streamviewer.exe, tubeviewer.exe, porntubeviewer.exe, etc.) wasn’t as successful as it used to be. Here are a few that ThreatFire prevented in the community today:

95.211.8.20/ flash-plugin.45032.exe
95.211.8.20/ flash-plugin.45031.exe
95.211.8.20/ flash-plugin.40040.exe

The downloaders continue to phone home for malware payloads to the same URLs as previously posted:
myart-gallery .com
robert-art .com
superarthome .com

ThreatExpert report here. As always, add a behavior-based security layer such as ThreatFire to your system, and be wary of sites trying to force a codec install or upgrade.
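For anyone reviewing web proxy logs for this campaign, the sketch below is an added example (not ThreatFire's detection logic) that flags requests matching the serving host, the payload domains and the file-name themes listed above. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the post (domains re-joined from their defanged form).
PAYLOAD_DOMAINS = {"myart-gallery.com", "robert-art.com", "superarthome.com"}
SERVING_HOSTS = {"95.211.8.20"}
# Name themes from the post: flash-plugin.<digits>.exe and the older
# "*viewer.exe" lures. This is a heuristic and can match benign viewers.
LURE_NAME = re.compile(r"^(flash-plugin\.\d+|[a-z]+viewer)\.exe$", re.I)
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def classify(url):
    """Return the reasons a URL matches this campaign (empty list if none)."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    name = parts.path.rsplit("/", 1)[-1]
    reasons = []
    if host in SERVING_HOSTS:
        reasons.append("known serving host")
    if host in PAYLOAD_DOMAINS or any(host.endswith("." + d) for d in PAYLOAD_DOMAINS):
        reasons.append("payload domain")
    if LURE_NAME.match(name):
        # A "plugin" executable fetched from a raw IP deserves extra weight.
        reasons.append("lure file name from bare IP" if BARE_IP.match(host)
                       else "lure file name")
    return reasons

def scan(log_lines):
    """Yield (client, url, reasons) for every matching log line."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines instead of failing the whole run
        reasons = classify(fields[2])
        if reasons:
            yield fields[1], fields[2], reasons

# Constructed sample log, assumed format: "<time> <client> <url>".
SAMPLE_LOG = [
    "10:01:02 10.0.0.5 http://95.211.8.20/flash-plugin.45032.exe",
    "10:01:09 10.0.0.5 http://robert-art.com/",
    "10:02:00 10.0.0.7 http://example.org/downloads/setup.exe",
    "10:03:00 10.0.0.9 http://203.0.113.7/tubeviewer.exe",
    "garbage",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A client that shows both a lure download and a later request to one of the payload domains, like 10.0.0.5 in the sample, is the pattern the post describes: the downloader ran and phoned home.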