by Dave Michmerhuizen and Luis Chapetti – Security Researchers
Spammers are trying to capitalize on the excitement surrounding the gold medal performance of the United States women’s gymnastics team by manufacturing a controversy where none exists, hoping that curious Olympics fans will rush into their trap.
The trap is an email message accusing team member Gabrielle Douglas of using a banned substance.
When it comes to malicious spam, the goal of the spammer is to find some way to get you to drop your defenses and click their links without thinking. A juicy accusation against a star athlete in her moment of fame is just the sort of thing to get that to happen.
The link in the email does not point to YouTube, but if you were to ignore that and follow it anyway you would see a pretty convincing copy of their site – provided you don’t look too closely at the URL bar of your browser.
The fake YouTube page automatically tells you to install a “newer version” of the Flash Player plug-in in order to view the video for that page. This sort of “Flash Player update” request is a very common ploy that malware distributors use to get the unwary to run their programs. If you were to fall for this instance you would see a dialog giving you one more chance to back out.
Users should be wary of any prompt to update Flash Player and should make sure the update really comes from Adobe. In this case the file adobe-flashplayer-update.exe has nothing to do with playing Flash files. Instead, it is a member of the Trojan.Clicker family. Once installed and running, it visits websites in the background, carrying out advertising fraud.
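The two checks described above (does a link that looks like YouTube really go to YouTube, and does a “Flash Player update” really come from Adobe) can be automated on the mail gateway or in a triage script. The following is an added example, not code from the original post or from any Barracuda product; the brand-to-domain table, the function names and the sample message with its example.test hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands a message may claim, mapped to the domains they really use.
BRAND_DOMAINS = {"youtube": ("youtube.com", "youtu.be"),
                 "flash": ("adobe.com",)}

def host_in(host, domains):
    """True only if host equals a domain or is a true subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return (href, brand) for links that name a brand but go elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        # The brand may be claimed in the visible text or in the file name.
        claimed = (text + " " + parts.path).lower()
        for brand, domains in BRAND_DOMAINS.items():
            if brand in claimed and not host_in(parts.hostname, domains):
                findings.append((href, brand))
    return findings

# Constructed sample message body; example.test hosts are placeholders.
SAMPLE = """<p>Watch: <a href="http://youtube.com.video.example.test/watch?v=1">
youtube.com/watch?v=1</a></p>
<p><a href="https://www.youtube.com/watch?v=2">youtube.com/watch?v=2</a></p>
<p><a href="http://cdn.example.test/adobe-flashplayer-update.exe">Update Flash Player</a></p>"""

if __name__ == "__main__":
    for href, brand in suspicious_links(SAMPLE):
        print(f"{brand}: {href}")
```

The suffix comparison in host_in is what catches a lookalike host that merely starts with the real domain name, which a plain substring search would accept.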
As always, be very careful with links in unsolicited emails and never run programs offered to you by websites, even supposedly reputable ones. Very often, being safe on the internet is just a matter of saying ‘No.’
Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails. Barracuda Web Filters and the Barracuda Web Security Flex service stop the download of this threat.