{"id":15051,"date":"2013-11-12T12:00:28","date_gmt":"2013-11-12T19:00:28","guid":{"rendered":"https://www.webroot.com/blog/?p=15051"},"modified":"2018-10-05T13:03:56","modified_gmt":"2018-10-05T19:03:56","slug":"web-site-brazilian-prefeitura-municipal-de-jaqueira-compromised-leads-fake-adobe-flash-player","status":"publish","type":"post","link":"https://www.webroot.com/blog/2013\/11\/12\/web-site-brazilian-prefeitura-municipal-de-jaqueira-compromised-leads-fake-adobe-flash-player\/","title":{"rendered":"Web site of Brazilian ‘Prefeitura Municipal de Jaqueira’ compromised, leads to fake Adobe Flash player"},"content":{"rendered":"

Our sensors just picked up an interesting Web site infection that’s primarily targeting Brazilian users. It appears that the Web site of the Brazilian Jaqueira prefecture has been compromised, and is exposing users to a localized (to Portuguese) Web page enticing them into installing a malicious version of Adobe’s Flash player. Not surprisingly, we’ve also managed to identify approximately 63 more Brazilian Web sites that are victims to the same infection.<\/p>\n

<\/p>\n

Sample screenshot of the landing page serving the localized Adobe Flash Player:<\/strong><\/p>\n

\"Prefecture_Brazil_Malware_Malicious_Software_Fake_Adobe_Flash_Player_Localized\"<\/a><\/p>\n

Sample screenshot of the embedded redirector at a sample compromised Web site:<\/strong><\/p>\n

\"Prefecture_Brazil_Malware_Malicious_Software_Fake_Adobe_Flash_Player_Localized_01\"<\/a><\/p>\n

Sample affected Web site:<\/strong> jaqueira.pe.gov.br<\/p>\n

Landing malicious URL:<\/strong> 79.96.179.237\/br\/flashplayer<\/p>\n

Detection rates for the served malware:<\/strong>
\nMD5: cdb0ae783f66d37883f0431c6dd18954<\/strong><\/a> – detected by 18 out of 47 antivirus scanners as TrojanSpy:Win32\/Banker.AJP
\nMD5: 7dad87060db280e866b75970757dd462<\/strong><\/a> – detected by 29 out of 48 antivirus scanners as Trojan-Downloader.VBS.Agent.agm<\/p>\n

Webroot\u00a0SecureAnywhere<\/a><\/strong>\u00a0users are proactively protected from these threats.<\/p>\n","protected":false},"excerpt":{"rendered":"

Our sensors just picked up an interesting Web site infection that’s primarily targeting Brazilian users. It appears that the Web site of the Brazilian Jaqueira prefecture has been compromised, and is exposing users to a localized (to Portuguese) Web page enticing them into installing a malicious version of Adobe’s Flash player. Not surprisingly, we’ve also […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[4985,7179,3871,16667,10621,4999,7187,6121,16669,4065,3919,4807,3875,5605,5615,4371,3529,3471,4313,4621],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/15051"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=15051"}],"version-history":[{"count":6,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/15051\/revisions"}],"predecessor-version":[{"id":25757,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/15051\/revisions\/25757"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=15051"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=15051"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=15051"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=15051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}