Infection files pretending to be Flash Player downloads isn’t particularly original, but hey – it works.
Steer clear of Portuguese language websites waving Flash files at you. Like this one:
Click to Enlarge
The site in question is birimdik(dot)kg/adobeflashplayer(dot)htm. If you download and run the file, you’ve just opened yourself up to a banking Trojan. It attempts to send your data to an email address with “31337” in it, which is surely double the indignity.
We detect this one as Trojan-Spy.Win32.Delf.ho, and the VirusTotal figures currently weigh in at a 22/43 detection rate.
Christopher Boyd