Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Apparently fake blogs that deliver malware are not enough. We discovered fake forums that do the same thing as well. Some 300 forums created through a popular Web site advertise porn and lead users to the following URLs:

    • hxxp:// {BLOCKED}g.proboards54.com/
    • hxxp:// {BLOCKED}7f2e2.proboards80.com/
    • hxxp:// {BLOCKED}84e57.proboards81.com/
    • hxxp:// {BLOCKED}5ade.proboards82.com/
    • hxxp:// {BLOCKED}e714cf.proboards83.com/
    • hxxp:// {BLOCKED}f9af.proboards84.com/
    • hxxp:// {BLOCKED}6b77.proboards85.com/
    • hxxp:// {BLOCKED}m.proboards88.com/
    • hxxp:// {BLOCKED}nf487a.proboards100.com/
    • hxxp:// {BLOCKED}ddc59.proboards101.com/
    • hxxp:// {BLOCKED}3740.proboards102.com/

    Users see any of the following Web pages when they access these said URLs:

    Malware authors use a combination of techniques in this attack. The screenshots above show two screens in a single Web page. When users click the screen that says Click here to see movie they fall prey to a drive-by download technique as the malware already executes without users knowing it. What’s interesting is that the malware being downloaded continuously changes. Systems were earlier infected with TROJ_FAKEAV.NN, but now another file detected by Trend Micro as TROJ_CODECPACK.R is installed instead.

    But it doesn’t end there: malware may also be installed in systems when users refresh a page as they are redirected to other Web site:

    Here, the site does not ask for the installation of an ActiveX object anymore. Instead it lures users into the now-popular fake codec routine, where Web users are tricked into installing malware disguised as a video codec into their systems. Again the malware changes variants: we’ve identified TROJ_FAKEAV.NO and TROJ_FAKEAV.IT.

    Rogue antivirus scams continue plaguing online users, and this threat tells us cybercriminals are showing no signs of stopping.

    The Trend Micro Smart Protection Network already blocks the malicious URLs involved involved this threat. It also detects and removes malicious files at the desktop level. We warn online users to be skeptical of the content of forums and blogs as these sites are now quickly becoming avenues for spamming and malware operations.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice