Panda Security’s anti-malware laboratory has located two spoof P2P application installers that are loading Lop adware on users’ systems.
The Spanish security vendor says cyber-criminals are using BitRoll-126.96.36.199 and Torrent101-188.8.131.52 to feed malicious code to Internet users.
Jeremy Matthews, head of Panda Security’s sub-Saharan operations, says the programs are used to exchange files between remote users “and both installers are available for download on the Internet, so any user could access them and become infected”.
He says this highlights a growing trend whereby cyber-crooks are using false applications to install malicious code.
Matthews says wavesoftwarecreative.exe, which passes itself off as audio software, and bitdownloadsetup.exe are other examples of this technique.
Lop, the malicious code downloaded by the spoof installers, is designed to display ads from various advertisers through pop-up windows, banners and the like.
It also switches the Internet Explorer home page to its own search engine. When searches are made with this engine, the results returned will be advertising pages related to the search words.
“It doesn’t stop there, however. To help prevent detection, this adware connects periodically to a Web page from which it downloads new files containing variants of the code, making it difficult to delete all active malicious files on the system,” Matthews warns.
If users try to use the program installed, they will be able to search for files, but not download them.
“Users must be really careful about what applications they are choosing to download from the Web,” says Matthews. “Only use reputable Web sites – and check for verification of the product you intend to download. A simple Google search can ensure this.”