Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    February 2012
    S M T W T F S
    « Jan    
     1234
    567891011
    12131415161718
    19202122232425
    26272829  
    • About Us
    Malware Blog > FakeAV for 9/11
    Sep10
    7:18 pm (UTC-7)   |    by

    As the anniversary of the horrible September 11 attacks in The United States approaches, Trend Micro researchers donned their research coats and waited for the people behind FAKEAV to make their move. Predictably, they did not disappoint.

    Through SEO poisoning, users searching for any reports related to September 11 may find themselves stacked with Google search results that lead to a rogue AV malware detected by Trend Micro as TROJ_FAKEAV.BOH.

    September 11 search results

    Figure 1. Poisoned Google search results

    As shown in the image above, TROJ_FAKEAV.BOH may arrive on the system as Scanner-7c545a_2031.exe from several malicious Web sites that can all be found in the poisoned Google search results.

    Trend Micro users are already protected from this threat, as the malicious file(s) are already detected and the download links are already identified and blocked by the Web Reputation Service.

    The people behind FAKEAV still show no sign of slowing down. With the holiday season coming up, users are also advised to refrain from visiting unknown sites returned in Search Engine results  and rely on reputable news agencies instead.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Thursday, September 10th, 2009 at 7:18 pm and is filed under Malicious Sites, Malware, Security . Both comments and pings are currently closed.



    16 Responses to “FakeAV for 9/11”

    1. d3m4s1@d0v1v0 Says:
      September 11th, 2009 at 6:19 am

      I was waiting to see this kind of news in different blogs, as always at these dates, attackers are ready to strike!

    2. daniel Says:
      September 14th, 2009 at 12:58 pm

      http://www.infowars.com/internet-security-software-company-says-911-searches-infected-with-malware/

    Trackbacks

    1. Tweets that mention FakeAV for September 11 | Malware Blog | Trend Micro -- Topsy.com
    2. TrendMicro (TrendMicro)
    3. RT @TrendMicro FakeAV for Sept… at ePCdoctor.com 3.1
    4. TrendLabs (TrendLabs)
    5. Propagan virus aprovechando el 9/11 | Actualidad en Lineup
    6. iia_security (Terry)
    7. epcdoctor (Ernie)
    8. UnderForge of Lack » Blog Archive » 2009.09.14 月曜日
    9. New York Times pushes Fake AV malvertisement. » CounterMeasures
    10. Operation Mind Seed » Blog Archive » Internet Security Software Company Says 9/11 Searches Infected with Malware
    11. New York Times Pushes Fake AV Malvertisement | BusinessComputingWorld
    12. Internet Security Software Company Says 9/11 Searches Infected with Malware « Ancavge
    13. Risky Research « Information
    14. Blackhat SEO and FAKEAV: A Dangerous Tandem


     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice