TSPY_FAREIT.SMC

TSPY_FAREIT.SMC is a dropper Trojan that is distributed in a malicious spam email in order to attack inexperienced computer users. According to ESG security researchers, TSPY_FAREIT.SMC is used to download and execute the executable file for a common Zeus Trojan or Zbot Trojan variant that is typically distributed as a fake Adobe Flash Player updater. TSPY_FAREIT.SMC is distributed by taking advantage of computer users wanting to establish a WebEx conference. The email message that contains TSPY_FAREIT.SMC uses a spoofed email address and various different tactics to convince inexperienced computer users to download the malicious executable file which is named update_flash_player.exe. This same file has been seen repeatedly in other malware attacks and is commonly detected as TSPY_FAREIT.SMC.

A fake WebEx email is sent to the victim. This email contains a fake HTM attachment which leads to a remote server that hosts TSPY_FAREIT.SMC. TSPY_FAREIT.SMC is distributed in fake emails from PayPal. Although the PayPal message claims to contain details on a particular transaction, it actually leads to the malicious website that contains the TSPY_FAREIT.SMC fake Adobe Flash Update. The website containing this malicious executable file spoofs the official Adobe Flash Player website in order to convince computer users to download this fake Adobe Flash Player update. Looking at the website's URL, you will notice that it is not the real Adobe website's address. The fact that criminals have managed to spoof this website so closely is impressive in itself due to the fact that the real Adobe Flash web page uses a drop down menu that is difficult to replicate exactly.

TSPY_FAREIT.SMC is used to install a variant of the infamous Zbot banking Trojan. This Trojan is especially designed to rob confidential information from the compromised computer. A TSPY_FAREIT.SMC infection can lead to losing access to your online accounts and losing money in your online bank account. Fortunately, preventing TSPY_FAREIT.SMC attacks is a matter of common sense. If you avoid opening links or email attachments contained in unsolicited email messages (even if it appears to come from a trusted source such as WebEx or PayPal), you can avoid a TSPY_FAREIT.SMC infection altogether.