Sep10
7:18 pm (UTC-7)   |   by Jessa De La Torre (Threat Response Engineer)

As the anniversary of the horrible September 11 attacks in The United States approaches, Trend Micro researchers donned their research coats and waited for the people behind FAKEAV to make their move. Predictably, they did not disappoint.

Through SEO poisoning, users searching for any reports related to September 11 may find themselves stacked with Google search results that lead to a rogue AV malware detected by Trend Micro as TROJ_FAKEAV.BOH.

September 11 search results

Figure 1. Poisoned Google search results

As shown in the image above, TROJ_FAKEAV.BOH may arrive on the system as Scanner-7c545a_2031.exe from several malicious Web sites that can all be found in the poisoned Google search results.

Trend Micro users are already protected from this threat, as the malicious file(s) are already detected and the download links are already identified and blocked by the Web Reputation Service.

The people behind FAKEAV still show no sign of slowing down. With the holiday season coming up, users are also advised to refrain from visiting unknown sites returned in Search Engine results  and rely on reputable news agencies instead.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Thursday, September 10th, 2009 at 7:18 pm and is filed under Malicious Sites, Malware, Security . You can leave a response, or trackback from your own site.



16 Responses to “FakeAV for 9/11”

  1. d3m4s1@d0v1v0 Says:
    September 11th, 2009 at 6:19 am

    I was waiting to see this kind of news in different blogs, as always at these dates, attackers are ready to strike!

  2. daniel Says:
    September 14th, 2009 at 12:58 pm

    http://www.infowars.com/internet-security-software-company-says-911-searches-infected-with-malware/

Trackbacks

  1. Tweets that mention FakeAV for September 11 | Malware Blog | Trend Micro -- Topsy.com
  2. TrendMicro (TrendMicro)
  3. RT @TrendMicro FakeAV for Sept… at ePCdoctor.com 3.1
  4. TrendLabs (TrendLabs)
  5. Propagan virus aprovechando el 9/11 | Actualidad en Lineup
  6. iia_security (Terry)
  7. epcdoctor (Ernie)
  8. UnderForge of Lack » Blog Archive » 2009.09.14 月曜日
  9. New York Times pushes Fake AV malvertisement. » CounterMeasures
  10. Operation Mind Seed » Blog Archive » Internet Security Software Company Says 9/11 Searches Infected with Malware
  11. New York Times Pushes Fake AV Malvertisement | BusinessComputingWorld
  12. Internet Security Software Company Says 9/11 Searches Infected with Malware « Ancavge
  13. Risky Research « Information
  14. Blackhat SEO and FAKEAV: A Dangerous Tandem

Leave a Reply


Bogus Profile in LinkedIn Leads to FAKEAV
Heads Up For Holiday Spam


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice