News of a performing killer whale allegedly killing its trainer made the headlines this week. Dawn Brancheau, an animal trainer at SeaWorld Florida, was attacked by one of the trained killer whales last Wednesday. This sad event, unfortunately, paved the way for cybercriminals to distribute another FAKEAV variant.
With the usual blackhat search engine optimization (SEO) techniques, sites hosting the FAKEAV variant immediately topped search engine results. Users who try to find news on the said incident are led to poisoned results instead. Trend Micro detected the malware as TROJ_FAKEVIME.CJ.
Clicking the malicious search result above redirects users several times until they see the following message:
Clicking the OK button displays the results of a fake scan with a list of malware that has supposedly infected the system. This prompts users to follow the instructions to remove the said malicious files. However, instead of actually removing them, users download a malicious file, www1.to_stopthevir_onmypc.in (aka TROJ_FAKEVIME.CJ), onto their systems.
This Trojan modifies affected systems’ HOSTS files, preventing users from accessing specific websites. It also adds certain strings to Windows HOSTS files, which, in turn, redirect users to other possibly malicious sites.
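A defender can check a machine for this kind of HOSTS tampering by listing every active entry that is not a stock localhost mapping. The following is an added example, not Trend Micro's code: the function name `audit_hosts` is hypothetical, and the sample file contents are constructed, using reserved `.example` names and a documentation IP address rather than real indicators.

```python
import ipaddress

# Names a stock Windows HOSTS file may legitimately map to loopback.
BENIGN_LOCAL = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for every non-default HOSTS entry.

    kind is "blocked" when the name is pointed at a loopback or unspecified
    address (site made unreachable), "redirected" when it is pointed at any
    other address, and "malformed" when the first field is not an IP address.
    """
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            sinkholed = ip.is_loopback or ip.is_unspecified
            if sinkholed and host in BENIGN_LOCAL:
                continue
            kind = "blocked" if sinkholed else "redirected"
            findings.append((line_no, kind, str(ip), host))
    return findings

# Constructed sample: hostnames use the reserved .example TLD and the
# redirect target is a documentation address (RFC 5737), not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example  www.av-vendor.example   # added entry
0.0.0.0         support.av-vendor.example
203.0.113.25    search.portal.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; entries an administrator added on purpose will also be listed and need to be reviewed by hand.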
TROJ_FAKEVIME.CJ, like its predecessors, also shows spoofed warning messages to convince users to avail of a fake antivirus. To learn more about this, you can check out Trend Micro’s findings on predictably unpredictable FAKEAVs.
Using tragedies, calamities, and other newsworthy incidents to propagate FAKEAV variants is no longer new. Trend Micro has blogged about similar events such as the recent plane crash in Austin, Texas.
Trend Micro™ Smart Protection Network™ protects customers from this and similar threats by blocking user access to all related malicious sites via the Web reputation service. It also detects and prevents the download of malicious files such as TROJ_FAKEAVIME.CJ via the file reputation service.
Non-Trend Micro product users can also stay protected from such threats via free tools like Web Protection Add-On, which prevents user access to potentially malicious websites.