13:50 Legal Trojans already have you on board
This Habr topic is food for thought for users of the popular download client FlashGet. I apologize for the lack of formatting, but something on Habr is buggy.

To detect malware and keep it under control, I use products from Symantec. Just yesterday I ran into a problem: NIS started complaining about FlashGet. I searched online a bit, and here is a summary of what I found:

1. Multiple messages to support from users reporting that the antivirus on their computers was detecting Trojans in the FlashGet directory.

2. Panic online about the FlashGet program.

3. The main symptom is the appearance of files named: detected by Kaspersky Antivirus as:

5. A check revealed that, in addition to the Trojans, the file FGUpdate3.ini has a recent creation and modification date (differences from the original file are underlined):

    [Add]
    fgres1.ini=1.0.0.1035
    FlashGet_LOGO.gif=1.0.0.1020
    inapp4.exe=1.0.0.1031
    [AddEx]
    [fgres1.ini]
    url=http://dl.flashget.com/flashget/fgres1.cab
    flag=16
    path=%product%
    [FlashGet_LOGO.gif]
    url=http://dl.flashget.com/flashget/FlashGet_LOGO.cab
    flag=16
    path=%product%
    [inapp4.exe]
    url=http://dl.flashget.com/flashget/appA.cab
    flag=2
    path=%product%

The link for the file inapp4.exe, which is a Trojan, points to the FlashGet site itself. It is downloaded from there as appA.cab.

6. The "vulnerability" is present in all versions of FlashGet 1.9.xx. No information about the incident was found on the FlashGet site; there is complete silence from the developers.

7. Although the problem with breaking copyright FlashGet is resolved at the moment, a vulnerability in user security remains. Any Trojan program could modify FlashGet's local ini file, forcing it to work as a Trojan downloader.

8. For anyone interested, Google knows where to find Kaspersky Lab's full analysis of the situation.

P.S. The link is not inserted as expected??
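Item 7 says any local Trojan could rewrite FGUpdate3.ini, so one defensive check is to diff the file's [Add] entries against a known-good copy. The following is an added example, not code from the original post or from FlashGet; the baseline contents, the function names `load` and `audit`, and the list of executable extensions are assumptions.

```python
import configparser
from urllib.parse import urlparse

# Constructed baseline: an assumed clean FGUpdate3.ini (the post does not show one).
BASELINE = """[Add]
fgres1.ini=1.0.0.1035
FlashGet_LOGO.gif=1.0.0.1020
[AddEx]
[fgres1.ini]
url=http://dl.flashget.com/flashget/fgres1.cab
flag=16
path=%product%
[FlashGet_LOGO.gif]
url=http://dl.flashget.com/flashget/FlashGet_LOGO.cab
flag=16
path=%product%
"""
# Modified file: the baseline plus the inapp4.exe entry quoted in the post.
CURRENT = BASELINE.replace("[AddEx]", "inapp4.exe=1.0.0.1031\n[AddEx]") + """[inapp4.exe]
url=http://dl.flashget.com/flashget/appA.cab
flag=2
path=%product%
"""

def load(text):
    # interpolation=None: values such as %product% must be read literally.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the case of file names used as keys
    cp.read_string(text)
    return cp

def audit(baseline_text, current_text):
    """Return [Add] entries that are new or changed relative to the baseline."""
    base, cur = load(baseline_text), load(current_text)
    base_add = dict(base["Add"]) if base.has_section("Add") else {}
    cur_add = dict(cur["Add"]) if cur.has_section("Add") else {}
    findings = []
    for name, version in cur_add.items():
        url = cur.get(name, "url", fallback=None)
        if (version, url) == (base_add.get(name), base.get(name, "url", fallback=None)):
            continue
        findings.append({
            "name": name,
            "reason": "changed" if name in base_add else "new entry",
            "url": url,
            "host": urlparse(url).hostname if url else None,
            "executable": name.lower().endswith((".exe", ".dll", ".scr")),
        })
    return findings
```

Because the entry quoted in the post points at the vendor's own download host, a host allowlist alone would not flag it; the comparison against a baseline does.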