TrendLabs has received reports of news sites whose pages and ads spout rogue antispyware programs. Trend Micro Senior Threat Researcher Ivan Macalintal has been alerted by a user who was browsing through an article on the Boston Herald Web site when the latter got an odd JavaScript alert box.
The page at http://scanner2.malware-scan.com says:
NOTICE: If your computer has been running slower than normal,
it may be infected with Viruses, Adware or Spyware.
MalwareAlarm will perform a quick and completely FREE scan of your system for malicious programs.
Download MalwareAlarm for FREE now!
MalwareAlarm is a known rogue antispyware program that has been first identified by our friends from Sunbelt back in April. These usually appear as ads that warn Internet users of system infection. The said ads then offer solutions like system scans, which can be performed when a user agrees to download a malicious program.
Trend Micro Threat Researcher Feike Hacquebord also found rogue antispyware on the Israeli news site www.ynetnews.com, whose Shockwave ads redirected to malicious sites at adtraff.com. As of this writing, the ad file is still hosted at http://i.total-media.net/yn/ads/eBooks/1/eBooksytn728×90.swf.
Note that the fake “scan results” of the MalwareAlert display the same three malware detection names as displayed by the program called ScanAlert that Trend Micro AV Engineer Robert McArdle encountered via Skype. This suggests that ScanAlert is just rogue antispyware by any other name, although it and MalwareAlarm may be one and the same.
Users who encounter these kinds of programs should always be careful, as usually these are also phishing attempts that ask for user’s details and money, besides infecting machines of users who don’t know better. Trend Micro users, meanwhile, are protected from these with its Web Filtering and Web Reputation Services.
