    Trend Micro researchers were alerted to blackhat SEO campaigns that led to FAKEAV, or rogue antivirus. The cybercriminals behind these attacks hitchhiked on high-profile news like the recent death of Patrick Swayze, Kanye West’s infamous interruption at the MTV VMA awards, and the death of Yale student Anne Le.

    Upon further analysis, our researchers discovered that the poisoned keywords are not limited to recent events. According to Advanced Threats Researcher Joey Costoya, there are many hijacked search items that point to FAKEAV.

    Here are some of the search terms:

    • Act Registration
    • Alan Thicke
    • Archer FX
    • Archer Fx
    • Beaches Movie
    • Cbs Survivor
    • Community Imdb
    • Community Nbc
    • Community Show
    • Community Tv
    • Delta Smelt
    • Dina Meyer
    • Divas Live 2009
    • Ernie Anastos
    • Fx Network
    • Gillian Jacobs
    • Grandma S Boy
    • Huron Ca
    • Huron California
    • Janet Napolitano
    • Joel Mchale
    • Kanye West Interruption Video
    • Katherine Heigl Baby
    • Melinda Loveless
    • My Date With The President S Daughter
    • Polwizjer
    • Ralphie May
    • Russell Hantz Oil Company
    • San Joaquin Valley
    • Sniffish
    • Starship Troopers
    • The Gang Exploits The Mortgage Crisis
    • The Office Gossip
    • The Valley Hope Forgot
    • Volkswagen L1 Concept

    These search strings might be based on Google Trends, which shows the top searches people make on Google. The hijacked search strings are then linked to sites that serve FAKEAV.

    In addition, the cybercriminals behind such attacks are doing GeoIP checks. If the user has a US IP address, the FAKEAV sites appear. Otherwise, accessing the URL produces an HTTP 404 page. Thus our advice for users in the US, who are obviously singled out as the target of these attacks: Be extra careful!
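One way a defender could surface the GeoIP cloaking described above is to compare the responses for the same URL from several country vantage points. This is an added example, not code from Trend Micro; the probe records, URLs and the function name `geo_cloaking_candidates` are constructed for illustration.

```python
from collections import defaultdict

# Constructed probe results: (url, vantage-point country, HTTP status).
# These are illustrative records, not observations from the campaign.
PROBES = [
    ("http://example.test/kanye-west-interruption-video", "US", 200),
    ("http://example.test/kanye-west-interruption-video", "DE", 404),
    ("http://example.test/kanye-west-interruption-video", "JP", 404),
    ("http://example.org/news/article", "US", 200),
    ("http://example.org/news/article", "DE", 200),
    ("http://example.net/gone", "US", 404),
    ("http://example.net/gone", "DE", 404),
    ("http://example.com/us-only", "US", 200),  # no second vantage point
]


def geo_cloaking_candidates(probes, target="US", min_other=2):
    """Return URLs that answer the target country but 404 everywhere else.

    A URL is flagged only when at least `min_other` non-target vantage
    points were probed and every one of them saw nothing but HTTP 404,
    so a single failed fetch does not produce a finding.
    """
    by_url = defaultdict(lambda: defaultdict(set))
    for url, country, status in probes:
        by_url[url][country].add(status)

    flagged = []
    for url, seen in by_url.items():
        target_statuses = seen.get(target, set())
        others = {c: s for c, s in seen.items() if c != target}
        # 2xx/3xx from the target country means content or a redirect was served.
        served_to_target = any(200 <= s < 400 for s in target_statuses)
        hidden_elsewhere = (
            len(others) >= min_other
            and all(statuses == {404} for statuses in others.values())
        )
        if served_to_target and hidden_elsewhere:
            flagged.append(url)
    # Candidates for analyst review: legitimate regional sites can look similar.
    return sorted(flagged)


if __name__ == "__main__":
    for url in geo_cloaking_candidates(PROBES):
        print("possible geo-cloaked landing page:", url)
```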

    SEO poisoning is becoming the main delivery vehicle for rogue antivirus applications. It often rides on current events, as we have blogged before in the following posts:

    Users are advised to be cautious in their Web searches and to visit credible websites only. Trend Micro already blocks and detects all malicious URLs through its Trend Micro Smart Protection Network.
