jump to navigation

PandaLabs reports adware posing as ActiveX control April 22, 2007

Posted by grhomeboy in Internet Safety.
trackback

Pandalabs has discovered ImageAccesActiveXObject, a new example of adware that poses as an ActiveX control allowing users to view erotic pictures.

The adware reaches computers in the following way: when users visit certain web pages, a window opens offering erotic pictures. If the user agrees, another window informs that an ActiveX has to be installed in order to see them. This control, however, is really the adware ImageAccesActiveXObject.

“Before now we had seen adware disguised as codecs to see videos, but never as ActiveX controls for viewing pictures. This is another strategy for tricking users. They think they are giving their consent to the installation of a legitimate tool when really they are allowing adware to be installed”, explains Luis Corrons, technical director of PandaLabs.

Once installed, the adware takes users to a page with erotic pictures. However, they will not be able to see anything as the domain is not available.

PandaLabs has prepared a video to demonstrate the process. This is available at: http://blogs.pandasoftware.com/blogs/pandalabs/archive/2007/04/16/FakeImages_210021002100_.aspx

This malicious code also downloads other adware onto computers. The first of these is SpyLocked. This adware is designed to show messages to the user warning that the computer is infected, and detecting ImageAccesActiveXObject. It will not however allow computers to be disinfected unless users register the product.

“We had detected this adware before under names such as SpywareQuake or VirusBurst. What happens is that when the creators see that their tool is widely recognized by users and no one downloads it anymore, they simply change the name”, explains Luis Corrons.

ImageAccesActiveXObject also downloads the adware Securitytoolbar. This is designed to install a false toolbar and a BHO (Browser Helper Object ). It displays pop-up ads and creates links on the desktop to certain web pages.

Users who want to know whether their computers have been attacked by these or other malicious code can use TotalScan, the free online solution at: http://www.pandasoftware.com/totalscan.

They can also use the NanoScan beta (www.nanoscan.com), an online scanner that detects active malware on computers in less than a minute.

Advertisements
%d bloggers like this: