Today's special is Trojan-Dropper.W32/Agent.CPL. We discovered this phish in spam runs promoting a YouTube video.
If you click the link in the spam message, it opens a fairly decent copy of YouTube's site. Click the image for an expanded view:
The page, located on a .cn server, prompts for the installation of Adobe's Flash Player. If you download the file, it's named install_flash_player.exe. Just as the real Flash Player download would be…
Firefox browser is already warning about the fraudulent nature of this site, and we have detection with our 2007-11-12_04 database, so we don't expect a very big catch for this particular rock phishing site.
