Nov19
9:07 pm (UTC-7)   |    by Bernadette Irinco (Technical Communications)

TrendLabs researchers were alerted to the discovery of spammed messages that contained Twitter URLs. The spam uses subjects such as “N3 Earn Extra Income! 7L,” “C2 Exrtra Income Daily 4P,” and “Q0 $$$ Oppurtunity 6O.” It informs users about supposed work-from-home opportunities for Google that pay good sums of money. It then entices users to click the Twitter URL to view the details of the bogus ‘opportunities.’

When users click the link, they land on the sender’s Twitter page, where another URL is posted in a tweet along with a message that encourages them to work online. That URL points to a bogus site about working online that features some success stories. This spam attack used Twitter as a lure: since Twitter is a trusted source, users may think the email they received is legitimate.

Users are advised to be wary of opening any suspicious-looking emails. Trend Micro protects users via the Trend Micro Smart Protection Network, which detects and blocks this kind of spam. Non-Trend Micro product users can use free tools like eMail ID to stay secure.



Nov19
3:45 am (UTC-7)   |    by Jonathan Leopando (Technical Communications)

Media reports have revealed the existence of fake blogs that were used to spread FAKEAV malware. The blogs do not actually contain any useful content. Instead, they have posts that contain nothing but images with post titles that use a wide variety of topics. The images used appear to have simply been taken from a Google Images search with the post title in question as the search term.

If a user visits the blogs in question by merely entering their URLs, they will see the harmless images. If they came from search engines such as Google, however, they will instead download a new FAKEAV variant, which is detected as TROJ_FAKEAV.FFGZ.


The JavaScript file that is used by the fake blogs is detected as JS_FRAUDLOAD.AP. The domains or actual FAKEAV drop sites involved in this attack are already blocked by Trend Micro Smart Protection Network.
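The referrer-dependent behavior described above can be looked for in web proxy logs. The following is an added example, not code from this blog or from Trend Micro: it flags URLs that answered search-referred visitors differently from everyone else. The log format, the host names and the list of search engines are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

SEARCH_NAMES = {"google", "bing", "yahoo"}   # assumed set of search engines

# Constructed proxy log lines: url, referer ("-" = none), status, content type
SAMPLE_LOG = """\
http://blog-a.example/post1 - 200 text/html
http://blog-a.example/post1 http://www.google.com/search?q=topic 302 text/html
http://blog-b.example/news - 200 text/html
http://blog-b.example/news http://www.google.com/search?q=news 200 text/html
http://blog-c.example/pics http://www.bing.com/search?q=pics 200 application/octet-stream
http://blog-c.example/pics http://forum.example/thread 200 text/html
"""

def from_search(referer):
    """True when the referer's host name contains a known search-engine label."""
    host = urlsplit(referer).hostname or ""
    return any(label in SEARCH_NAMES for label in host.split("."))

def cloaked_urls(log_text):
    """Map URL -> responses that only search-referred visitors received."""
    seen = defaultdict(lambda: {"search": set(), "other": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[2].isdigit():
            continue                          # skip malformed lines
        url, referer, status, ctype = fields
        bucket = "search" if from_search(referer) else "other"
        seen[url][bucket].add((int(status), ctype))
    flagged = {}
    for url, resp in seen.items():
        # Both kinds of visit observed, and no response in common
        if resp["search"] and resp["other"] and resp["search"].isdisjoint(resp["other"]):
            flagged[url] = sorted(resp["search"])
    return flagged

if __name__ == "__main__":
    for url, responses in cloaked_urls(SAMPLE_LOG).items():
        print(url, responses)
```

Pages that legitimately vary their responses will also match, so a hit is a lead for review rather than a verdict.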

 


Nov18
2:26 am (UTC-7)   |    by Merianne Polintan (Anti-spam Research Engineer)

TrendLabs researchers received spammed messages purporting to have come from various companies such as eBay, J.P. Morgan Chase and Co., and Colgate-Palmolive, among others. The email bore the subject, “Payment request from,” and informed users about a certain recorded payment request.


The spammed message even gave users two options—to either ignore the email if the payment request has been made or to download the attached .ZIP file and install the inspector module to decline the said payment request. If the user does not make any transaction, he/she still needs to download the attachment just to cancel the payment request. The attached .ZIP file is, of course, not an inspector module but an .EXE file (module.exe) detected by Trend Micro as TROJ_AGENTT.WTRA.

Users are advised to be wary before opening any attached files even if they come from known sources. It is also best to verify emails you receive from any company first just to be sure it is legitimate. Trend Micro secures users from this attack via the Trend Micro Smart Protection Network™, which detects and blocks the spammed emails and prevents the download of the malicious file.
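A mail gateway can check for the pattern in this campaign, an executable delivered inside a .ZIP attachment, before the message reaches a user. The following is an added example, not Trend Micro's detection logic: the extension list, the attachment name module.zip, the addresses and the sample message are constructed, and the "EXE" is a 64-byte header stub.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def risky_zip_members(raw_message: bytes):
    """Return (attachment, member, reason) for executables inside ZIP attachments."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK"):      # judge by content, not by file name
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            findings.append((name, "", "unreadable archive"))
            continue
        for info in archive.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXEC_EXTS:
                findings.append((name, info.filename, "executable extension"))
            elif info.flag_bits & 0x1:      # encrypted: content cannot be checked
                findings.append((name, info.filename, "encrypted member"))
            elif archive.open(info).read(2) == b"MZ":
                findings.append((name, info.filename, "PE header, other extension"))
    return findings

def build_sample(member: str = "module.exe") -> bytes:
    """Constructed message shaped like the lure above (no real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, b"MZ" + b"\x00" * 62)
        z.writestr("readme.txt", b"inspector module")
    msg = EmailMessage()
    msg["Subject"] = "Payment request from"
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("A payment request has been recorded.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="module.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in risky_zip_members(build_sample()):
        print(finding)
```

The check looks one level deep only; an archive nested inside the ZIP would need the same inspection applied recursively.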

 


Nov18
12:48 am (UTC-7)   |    by Erika Mendoza (Threat Response Engineer)

TrendLabs threat analysts found another FAKEAV campaign piggybacking on the Leonid meteor shower and the much-anticipated sequel to the Twilight saga, New Moon. Users searching for news and updates using the keywords “meteor shower tonight november 16 time” and “New Moon premiere live stream” end up with poisoned search results. These results redirect users to fake online scanners, which ultimately lead to the download of a FAKEAV variant detected by Trend Micro as TROJ_FAKEAV.MET.

Upon execution, TROJ_FAKEAV.MET drops malicious files and displays fake warning messages. These messages urge users to avail of a bogus antivirus product, Security Tool.

FAKEAV is notorious for capitalizing on hot news and popular searches via SEO poisoning. Hence, users are advised to be wary of suspicious-looking URLs when conducting online searches. Trend Micro protects users from this attack via the Smart Protection Network™ that blocks and detects all related malicious files and URLs.

 


Nov16
2:21 am (UTC-7)   |    by Jessa De La Torre (Threat Response Engineer)

As Filipinos and Puerto Ricans were busy rooting for their champions in yesterday’s fight, so were cybercriminals who wished to capitalize on the match. Through SEO poisoning, users searching for a live stream of the Pacquiao vs Cotto fight were instead served a FAKEAV variant.

According to Threat Response Engineer Jasper Manuel, search results led to the download of TROJ_FAKEAV.MAN. Clicking the link displays the following image:

Users who are interested in watching Pacquiao’s upcoming fights (i.e., with Mayweather) are advised to stay away from suspicious-looking links. Trend Micro Smart Protection Network™ blocks user access to malicious URLs and detects the said FAKEAV.

 


© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice