These days fake Adobe Flash Player updates are everywhere. The bad guys know that the majority of people cannot tell them apart from the real thing.
To be honest, when Adobe prompts you for a Flash Player update, it looks almost identical to some of those pop-ups you will encounter while browsing the web.
Fake Flash Player update
The following one comes from a Russian website, and although my Russian is a little rusty I can guess what it’s for:
Looks pretty legit. I press the button to install it…
Suddenly my Desktop is hijacked by a window asking for some password…
Ransomware
This is called ransomware. Unless I follow the instructions that involve spending money, I can’t get rid of this screen.
The process responsible for it is a file called kasper_zaebal.exe. It will kill your browser, to prevent you from downloading an antivirus program, I assume?
All this makes me wonder whether program updates should not be delivered silently. Although it is a good idea to warn end users that some of their software is out of date, the bad guys are employing the exact same methods to distribute their malware. Other alternatives would be programs dedicated to software updates… but would you remember to run them every once in a while?
Suffice it to say, always think twice before doing any ‘update’.
Jerome Segura