Apr 12
3:57 pm (UTC-7)   |   by Jake Soriano (Technical Communications)

Easter, like any other holiday, will not pass without cyber criminals attempting to exploit the occasion for their own malicious operations.

Trend Micro Advanced Threats Researcher Paul Ferguson discovered websites that appear to be related to Easter but are in fact malicious, created to spew malware onto PCs. He adds that evidence again points to well-known Russian/Ukrainian cybercrime organizations, which are most probably behind these ongoing malicious SEO (Search Engine Optimization) campaigns that attempt to boost the page rankings of booby-trapped websites.

Unwitting victims are led to these sites through “poisoned” search results. Queries in popular engines for keywords related to Easter yield results that point to the malicious sites mentioned above.

Analysis by our engineers reveals that one of the dangerous sites is rigged with a script detected by Trend Micro as JS_DLOADER.WKQ. This malicious JavaScript redirects victims to another page, a fake AV download site, where a rogue antivirus program detected as TROJ_FAKEAV.BAF is downloaded.

Rogue software continues to plague Web users. The most recent development in this malware category involved cybercriminals incorporating ransomware elements, encrypting users’ files so they’d have to pay to install software that would supposedly “fix” the corrupted files.

Our engineers are analyzing this threat further. Updates will be posted as soon as more information becomes available.

Update: 13 April 2009, 10:00 PM PST

Analysis reveals that TROJ_FAKEAV.BAF displays the following fake malware infection warnings to convince affected users to pay for a supposed “security software” that is, in actuality, the malware itself.


Figure 1. Fake malware infection warnings


Figure 2. Prompt to install the trial version of rogue antivirus program


Figure 3. Rogue antivirus program GUI


Figure 4. The affected user is asked to purchase the “full version” of the rogue antivirus in order to remove the supposed malware affecting their system.
