Where news leads, cybercriminals follow. Over the weekend, a massive earthquake hit Chile and killed hundreds of people. This, of course, was soon followed by a blackhat SEO attack that successfully placed multiple malicious links leading to FAKEAV malware on top of the search results for “chile earthquake 2010 wiki.”

According to senior threat analyst Joseph Pacamarra, clicking the malicious links leads to the download of several files detected as TROJ_FAKEAV.JSA and TROJ_FAKEAV.STL. First, an online scan window is displayed.

After the online scan window, the fake antivirus program called Security Tool loads and presents the user with fake scan results.

Finally, the user is asked to activate the product, which actually costs him/her money.

These FAKEAV tactics are already well-tested and have been discussed before both here in the Malware Blog and elsewhere.

Trend Micro™ Smart Protection Network™ protects customers from this and similar threats by blocking user access to all related malicious sites via the Web reputation service. It also detects and prevents the download of malicious files such as TROJ_FAKEAV.JSA and TROJ_FAKEAV.STL via the file reputation service.

Non-Trend Micro product users can also stay protected from such threats via free tools like Web Protection Add-On, which prevents user access to potential malicious websites.