Troj/Rootkit-KK

By SpideyMan in Trojans

Breaking news stories have long been a popular lure for distributing malware, whether through email phishing or on social media networks. Troj/Rootkit-KK refers to a scam that ESG security researchers have observed on Facebook. Infected users post a status message to their wall that supposedly links to a news story about the United States attacking Saudi Arabia and Iran. The sensationalist headline is designed to attract a click from curious users, and the landing page spoofs the CNN website to lend the story credibility. The message reads:

U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3?

Like many malware campaigns, this one is not particularly careful with grammar and spelling, as you can see from 'Saudia' instead of Saudi and 'Begin' instead of Beginning. If you click the link (either the one in the text or the video thumbnail), you are taken to a website imitating CNN. The page contains a video which, when played, shows a pop-up window claiming that you must download a nonexistent 'Adobe Flash 11.5' update from an included link in order to view it. That link delivers the rootkit. The pop-up closely imitates the menu that appears when you right-click a real Flash video, a detail that may convince even moderately experienced users that it is legitimate.

The Troj/Rootkit-KK Scam Has Affected Thousands of Facebook Users

Curiously, the Troj/Rootkit-KK video thumbnail shows a tank at a crossroads in a snow-covered landscape, an odd image for a story set in the hot, arid Gulf region. Despite this giveaway, the scam has compromised thousands of computers around the world; within its first three hours in the wild it duped at least sixty thousand Facebook users. Security researchers have identified two components of the attack: the rootkit that is downloaded onto the victim's computer and the scam page that delivers it. A third, essential component has yet to be identified: most likely a worm that causes infected users to post the Troj/Rootkit-KK message on their Facebook walls.

File System Details

Troj/Rootkit-KK may create the following file(s):
# File Name
1. C:\Documents and Settings\\Local Settings\Application Data\tvbjuwht.log

The empty path segment after Documents and Settings stands for the user profile name, which varies per victim.

Registry Details

Troj/Rootkit-KK may create the following registry entry or registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\srxrwxyu.exe
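As an added example (not code from the page or from ESG), the following Python script sweeps the two indicators listed above against an exported Run key and a file listing. It assumes the registry text is the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and that the path list comes from a directory walk; the heuristic for eight-letter random names, the sample registry text and the sample paths are my own constructions. Because this is a rootkit, a live system may hide both the file and the Run value from tools running on it, so feed the script a hive exported from, and a listing taken of, the disk mounted offline from clean boot media.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators copied from the listing above. The user-profile segment of the
# file path is elided on the page, so it is matched with a wildcard here.
IOC_FILE_RE = re.compile(
    r"^C:\\Documents and Settings\\[^\\]+\\Local Settings\\Application Data\\tvbjuwht\.log$",
    re.IGNORECASE,
)
IOC_RUN_EXE = "srxrwxyu.exe"

# Heuristic (my assumption, not stated on the page): both indicators are eight
# random lowercase letters, so also flag other names of that shape, but only in
# user-writable profile locations so that legitimate eight-letter system
# binaries such as wmiprvse.exe do not show up.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(?:exe|log)$")
USER_PROFILE_RE = re.compile(r"\\(?:Documents and Settings|Users)\\", re.IGNORECASE)
EXE_TARGET_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


@dataclass
class Hit:
    source: str  # "registry" or "filesystem"
    item: str    # Run value (with its key) or file path
    reason: str  # "ioc" for a listed indicator, "heuristic" for the name pattern


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Parse `reg export` output into {key: {value_name: data}}.

    Only string values ("name"="data") are decoded; other value types are kept
    as raw text. Value names containing '=' are not handled.
    """
    keys: dict[str, dict[str, str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = name.strip('"')
        if data.startswith('"') and data.endswith('"'):
            # .reg files escape backslash and double quote with a backslash.
            data = re.sub(r'\\(["\\])', r"\1", data[1:-1])
        keys[current][name] = data
    return keys


def scan_run_keys(reg: dict[str, dict[str, str]]) -> list[Hit]:
    """Flag autostart entries under any ...\\CurrentVersion\\Run key."""
    hits: list[Hit] = []
    for key, values in reg.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, data in values.items():
            m = EXE_TARGET_RE.match(data)  # executable path, without arguments
            target = m.group(1) if m else data.strip('"')
            base = target.rsplit("\\", 1)[-1].lower()
            if base == IOC_RUN_EXE or name.lower() == IOC_RUN_EXE:
                hits.append(Hit("registry", f"{key}\\{name}", "ioc"))
            elif RANDOM_NAME_RE.match(base) and USER_PROFILE_RE.search(target):
                hits.append(Hit("registry", f"{key}\\{name}", "heuristic"))
    return hits


def scan_paths(paths: list[str]) -> list[Hit]:
    """Flag files from a directory listing (ideally of an offline-mounted disk)."""
    hits: list[Hit] = []
    for path in paths:
        base = path.rsplit("\\", 1)[-1].lower()
        if IOC_FILE_RE.match(path):
            hits.append(Hit("filesystem", path, "ioc"))
        elif RANDOM_NAME_RE.match(base) and USER_PROFILE_RE.search(path):
            hits.append(Hit("filesystem", path, "heuristic"))
    return hits


def sweep(reg_text: str, paths: list[str]) -> list[Hit]:
    return scan_run_keys(parse_reg_export(reg_text)) + scan_paths(paths)


# Constructed sample input (not captured from a real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"srxrwxyu.exe"="\"C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\srxrwxyu.exe\""
"qzmpvkta"="C:\\Documents and Settings\\alice\\Local Settings\\Temp\\qzmpvkta.exe /s"
'''

SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Local Settings\Application Data\tvbjuwht.log",
    r"C:\Documents and Settings\alice\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat",
    r"C:\WINDOWS\system32\wbem\wmiprvse.exe",  # eight letters, but a system path: not flagged
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_REG, SAMPLE_PATHS):
        print(f"[{hit.reason:9}] {hit.source}: {hit.item}")
```

On the sample input the listed Run value and log file are reported as indicator matches, the eight-letter executable in the profile's Temp folder is reported as a heuristic match for review, and the system binary is left alone. Treat heuristic hits as leads, not verdicts.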
