NEWS FROM THE LAB - Monday, November 12, 2007

Catch of the Day
Posted by Sean @ 15:55 GMT

Today's special is Trojan-Dropper.W32/Agent.CPL. We discovered this phish in spam runs promoting a YouTube video.

If you click the link in the spam message, it opens a fairly decent copy of YouTube's site.

The page, located on a .cn server, prompts for the installation of Adobe's Flash Player. If you download the file, it's named install_flash_player.exe. Just as the real Flash Player download would be…

The Firefox browser is already warning about the fraudulent nature of this site, and we have detection with our 2007-11-12_04 database, so we don't expect a very big catch for this particular rock phishing site.