CamFrog Scam

by Albin on November 11th, 2009 in Security Alert.

One of the most popular applications for cam sessions (CamFrog) is now being abused for distribution of malicious software. The site, below, will appear if the victim visits camsjungle.XXX. The domain is more or less a clone of the real site, camfrog.com

The cyber criminals have planted a fake version of CamFrog (CamFrogSetup.exe) on the server. The application looks like this:

When the victim executes the fake application, a new malicious file will be downloaded.  The file is a Win32.TrojanDowloader.VB and will run in the background without the user's consent, connecting to suspicious servers. Ad-Aware’s Genotype scanner will detect the malicious file as Win32.TrojanDowloader.VB/S.

Albin

Lavasoft Malware Labs