Yesterday, a 6.0-magnitude earthquake shook the Philippine capital, causing a bit of concern among its inhabitants and their relatives in the rest of the country and abroad. As such, many turned to the Web for the latest news and updates on this incident. As expected, cybercriminals were among the first in line to provide "information" about the earthquake, rigged with rogue antivirus applications.
Trend Micro advanced threats researcher Norman Ingal discovered that some FAKEAV variants have already taken advantage of this incident as a social-engineering technique. He said this malware also used blackhat search engine optimization (blackhat SEO) tactics to make malicious links the top-ranking search results whenever users searched for the string “earthquake manila philippines.”
These links lead to the download of FAKEAV variants, particularly TROJ_FAKEAV.ENZ, which also used the recent wardrobe malfunction incident of a Philippine TV personality as an attack vector.
Clicking the links also led to the download of JS_REDIR.SMB, which displays a warning dialog box that tells users that their computers have been infected.
Clicking OK opens the following message boxes and windows and downloads the malicious file onto users’ computers.
Earthquakes are natural occurrences and we never really know when or where they will hit next. One thing is for sure, though: cybercriminals will most definitely ride on every piece of earthquake or natural calamity news that hits the press next, just as they did during the Haiti and Chile earthquakes.
Trend Micro product users are protected from this threat by the Smart Protection Network™, which blocks user access to related malicious sites and prevents the malicious files from being downloaded onto users’ systems.
Non-Trend Micro product users can likewise stay protected by using free tools like Web Protection Add-On, a lightweight add-on solution designed to proactively protect computers against Web threats.