Here's how BitDefender officials describe what happens:
"The unsolicited message directs users to apply a new set of settings to their mailboxes to update several 'security upgrades' that have been applied. The link in the e-mail leads towards a Web page with Microsoft Office logos and instructs users to download and launch an executable file that will supposedly update their e-mail settings.
"Instead, they receive a potent malware cocktail, including Trojan.SWF.Dropper.E, a generic detection name for a family of Trojans sharing similar behavior. They are Flash files, which usually do not display any relevant images/animations, but drop and execute various malware files (by exploiting Adobe Shockwave Flash vulnerability). The dropped files may be subject to change and different variants can drop and execute different malware programs."
BitDefender reports that Trojan.SWF.Dropper.E infections have risen by nearly 60 since December 2009. 13% of worldwide infections are in the US, 3% in Australia, and 3% in the UK.
The 'cocktail' also includes Trojan.Spy.ZBot.EKF (adds exceptions to the Windows Firewall, steals information and screenshots, etc.), Exploit.HTML.Agent.AM (exploits Flash vulnerabilities to execute arbitrary code), and Exploit.PDF-JS.Gen (exploits vulnerabilities in the Adobe Acrobat/Reader JavaScript engine to execute arbitrary code).
Exploit.PDF-JS.Gen itself is trending upwards - according to BitDefender's figures - especially in the US, Spain and Canada. So it seems wise to make sure you've updated your copy of Acrobat or Reader with the patches that Adobe released earlier this week.