- Threat Encyclopedia
- Malware
- HTML_BLOCKER.K
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
Downloaded from the Internet, Via social networking sites
This malware is related to the fake Flash player scams that targeted users in Turkey. It is used to send the Facebook messages with the link to the video.
To get a one-glance comprehensive view of the behavior of this Others, refer to the Threat Diagram shown below.
This malware may be downloaded by other malware/grayware from remote sites. It executes when a user accesses certain websites where it is hosted. It may be downloaded from remote sites by other malware.
10,545 bytes
HTML, HTM
22 Jan 2014
Downloads files
Arrival Details
This malware may be downloaded by the following malware/grayware from remote sites:
It executes when a user accesses certain websites where it is hosted.
It may be downloaded from remote site(s) by the following malware:
NOTES:
It makes the current user follow certain accounts when the following social networking sites are accessed:
It spams messages to currently available Facebook friends of the current user.
The message contains the following:
{malicious link} - shortened URL obtained from http://www.{BLOCKED}r.in/dropbox/up.php
Title: {Friend's Name} :Yaziklar olsun izlerken içim gitti ya.
The message displays the following image:
It chooses from the following for its message body:
Once a user clicks the malicious link in the message, the browser will open the following webpage:
The webpage tricks users to download and install a fake Adobe Flash Player update saved as the following:
9.700
10.556.04
22 Jan 2014
10.557.00
23 Jan 2014
Step 1
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Step 2
Close all opened browser windows
Step 3
Remove malware/grayware files dropped/downloaded by HTML_BLOCKER.K
Step 4
Scan your computer with your Trend Micro product to delete files detected as HTML_BLOCKER.K. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.