Since we’re now wise to rogueware that is spread by posing as fake antivirus clients and disk defragmenting tools, cyber-criminals have moved on to using fake video media players as their disguise.
Panda Labs has identified at least two fake media player rogueware campaigns this past week, though it appears that they may have been lurking around the Internet since at least October.
The first, FlashLV player, is actually a frequently downloaded application that is currently hosted on CNET’s Download.com. Though the page for the file download touts that the product has “Tested spyware free”, several reviews note that their own spyware and antivirus utilities have detected that the executable file for installation of the player detects W32/BackdoorX.DHLT, Win32.Small.guj, and Backdoor/Small.gue malware.
The second Xvid Video player, looks legitimate at first glance, but a closer look at the installation “Setup Wizard” reveals the inclusion of a ClickPotato add-on, which is a known piece of viral adware, as well as ShopperReports and QuestBrowse, which are also identified on several security sites as malware.
It’s becoming blatantly obvious that cyber-criminals will pull no stops to distribute their malware on unsuspecting computer users’ systems. Fortunately, it’s not too difficult to protect yourself.
First, as PandaLabs blog post notes, “Most of the common media players will be able to play most of the video formats. You don’t need a “Special Player” to play yet another video format.”
Also, it helps to read about the files you’re installing rather than just blindly clicking “Next” through the installation (which has, in fact, gotten me in trouble in the past). A quick skim through the reviews of FlashLV player on Download.com is enough to gather that the file is infected with malware, and a Google search of the “value” add-ons that Xvid wants to install almost instantly shows that they are known adware.
The lesson here is that you can never be too careful about the programs you install on your computer. The little extra bit of time it takes to research and ensure that the software is of a legitimate nature is well worth the potential headache of a rogueware infection.
