According to FaceTime researchers, a Trojan is falsely boosting traffic statistics for Chinese websites. FaceTime has discovered that the Symfly Trojan is abusing the Alexa Toolbar. Abusing the Alexa Toolbar causes a website’s traffic to be reported incorrectly.
FaceTime Security Labs, the threat research and remediation arm of FaceTime Communications, has discovered a Trojan named Symfly that is influencing Alexa Web traffic rankings for several Chinese Web sites. Customers who have deployed FaceTime Enterprise Edition, including RTGuardian, GEM and IMAuditor and configured for automatic filter updates, are automatically protected from this security threat.
According to their press release today, the Symfly Trojan downloads and installs multiple files to an infected PC, primarily via HTTP. The daisy chain of installations includes the Trojan Adcheat and can install an Alexa Toolbar from Renwu.info without the user’s consent. The infection causes the user’s PC to call out to various Web sites. If the Trojan has installed the Alexa Toolbar, the calls will register as legitimate hits and artificially inflate the site’s Alexa traffic ranking. FaceTime researchers have found that Alexa traffic reports on targeted sites peak in similar patterns, leading them to conclude that the infection is impacting the reported traffic rates.
FaceTime enterprise customers are protected from the Symfly Trojan through Web filtering at the gateway in combination with inoculation at the desktop. The RTGuardian perimeter appliance automatically updates its signatures to provide protection against the initial infection at the gateway. FaceTime’s Greynets Enterprise Manager provides an additional layer of protection with the ability to identify and remediate any infected endpoints.
The FaceTime research team offers a detailed accounting of the infection and the possible motives here.
FaceTime is headquartered in Foster City, California. For more information visit www.facetime.com or call 888-349-FACE.