
BitDefender discovers dangerous Trojan taking social engineering to a new level

Trojan.FakeAV.LVT mimics YouTube video with comments from your Facebook friends, downloads fake AV 

SYDNEY & AUCKLAND – July 25, 2011 – BitDefender, an award-winning provider of innovative Internet security solutions, has discovered a new online threat that uses very sophisticated social engineering techniques to uninstall your antivirus solution while adding your system to a botnet of infected systems.

The Trojan, dubbed Trojan.FakeAV.LVT, tricks unsuspecting Facebook users into believing that a video about them has been posted on YouTube. The video appears extremely convincing, as it also contains multiple mocked-up comments from your Facebook friends. To make matters worse, if infected, the fake YouTube video contains your full name in its title, correctly spelt as it appears on your Facebook profile.

As you try to watch the movie, the Trojan prompts you to install an ‘updated version’ of the Flash player plugin. This in fact carries a rogue – or fake – antivirus (AV) solution with both malware downloader and botnet capabilities that enable it to continue spreading.

To make matters worse, the fake AV is capable of impersonating the look and feel of 16 different security solutions currently on the market and asks you to reboot your system in order to complete the install. However, upon restarting, the genuine AV solution on the system is uninstalled and completely replaced by a high-quality replica that not only lacks AV functionality, but also uses the infected PC to spread malware to others.

The fake antivirus can imitate 16 different security solutions from top-tier antivirus vendors. These replicas are also localised and will only display messages in the language that the genuine antivirus has been set to.

Catalin Cosoi, head of BitDefender’s antimalware research lab, said: “Trojan.FakeAV.LVT takes social engineering to a whole new level by presenting the user with extremely convincing scenarios at each stage of the process. The video looks and feels real as it contains your name in the title, as well as comments from your Facebook friends. Meanwhile, fake antivirus solutions used to be easy to spot, as they’re often completely different to the one that you have installed onto your system. However, Trojan.FakeAV.LVT is deceptively clever as it is capable of replicating almost any antivirus or online security software on the market today.”

“To guard against these cunning new threats, BitDefender recommends downloading Flash-related updates through the Adobe website, instead of through a redirect link. If you are unsure whether the video is legitimate, it’s best to go directly to YouTube and search for the video’s existence,” Catalin advised.