  • FPCH Admin
Posted

Researchers are warning about a new malware delivery campaign aimed at spreading Fareit, a password-stealing Trojan that can also download additional malware.

This campaign is targeting users whose DNS server settings have been changed to redirect them to malicious sites without their knowledge. This can be the result of a previous compromise of their routers via malware such as the DNS Changer Trojan, or a malvertising campaign such as this one.

However it happened, these users are now in danger of getting saddled with Fareit.

"When the DNS server settings has been changed to point to a malicious server used by Fareit, the unsuspecting user visiting common websites gets an alert saying 'WARNING! Your Flash Player may be out of date. Please update to continue'," F-Secure researchers shared.

Users are then shown this (quite legitimate-looking) malicious download page (click on the screenshot to enlarge it):

[Screenshot: malicious download page]

Those who don't know that a software named Flash Player Pro actually doesn't exist could be tricked into downloading and running the offered file (setup.exe).

Users who have fallen for this scheme should be aware of the fact that if they don't restore the router's DNS server settings to what they should be, they are likely to be hit with infection attempts such as this one in the future.

F-Secure advises taking the following steps: disconnecting the router from the Internet and resetting it; changing the router password on the router; disabling its remote administration feature; updating its firmware; rebooting the computer to flush the DNS cache; and, finally, scanning the computer using an up-to-date antivirus solution.

Source: http://www.net-security.org/malware_news.php?id=2982

  • Like 2

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~
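
A host-side check for the changed DNS settings described in the article above, as an added example that is not part of the original post or of F-Secure's advice: it parses `ipconfig /all` output and reports resolvers that are not on a known-good list. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")    # "Ethernet adapter Ethernet:"
FIELD_RE = re.compile(r"^\s+([^:]+?)[ .]*:\s?(.*)$")  # "   Label . . . : value"

# Constructed sample of `ipconfig /all` output (addresses are placeholders).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def _as_ip(token):
    """Return a normalized IP string, or None if token is not an address."""
    try:
        return str(ipaddress.ip_address(token.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> DNS servers listed in `ipconfig /all` output."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            servers[adapter] = []
        elif adapter is None or not line.strip():
            continue
        elif in_dns and _as_ip(line):      # continuation line: extra resolver
            servers[adapter].append(_as_ip(line))
        else:
            f = FIELD_RE.match(line)
            in_dns = bool(f) and f.group(1) == "DNS Servers"
            if in_dns and _as_ip(f.group(2)):
                servers[adapter].append(_as_ip(f.group(2)))
    return servers

def unexpected_resolvers(ipconfig_text, allowed):
    """Return {adapter: [resolvers not in the allowed set]}."""
    ok = {str(ipaddress.ip_address(a)) for a in allowed}
    found = dns_servers_by_adapter(ipconfig_text)
    return {n: [i for i in ips if i not in ok]
            for n, ips in found.items() if any(i not in ok for i in ips)}
```

If the PC's resolver is the router itself, this check passes even when the router forwards queries to a rogue server, so the router's own DNS setting still has to be verified on its admin page.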

Posted

Hi @allheart55 (Cindy E), yuppers, that has been around for a while now and I have seen it here at Golden Oaks.

Good information Cindy! Thanks!!

PS So far MBAM has taken care of it and I'm watching a couple PCs here at Golden Oaks that downloaded it!! Ran MBAM and so far no more problems!!

I have put the warning out on Golden Oaks TV Channel to call me if they see this come up on their PC.

  • Like 1
Sometimes you're the windshield. Sometimes you're the bug!! :(
  • FPCH Admin
Posted
Thanks, Pete! I'm glad that you are always on top of things. :D

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

Posted
Hi! I'm not sure if the problem I found was this problem. The PC I worked on was redirecting the user and wouldn't allow her to go on the internet. She told me the problem started right after updating Flash. I had put MBAM on the PC before and was able to run it. It found 3 Trojans and 1200+ PUPs. After scanning with MBAM, the PC seemed OK. I had the senior check it out. I had been using IE to access the internet. She clicked on Chrome and all hell broke loose and I had to rescan with MBAM. I uninstalled Chrome. She said she would install Firefox later. I haven't heard any more. I guess I should call her. The senior was pretty PC savvy and think this fake Flash was the problem. I can't be 100% sure about that.
Sometimes you're the windshield. Sometimes you're the bug!! :(