    Apart from SEO poisoning, cybercriminals have found another avenue to proliferate FAKEAV malware: bogus sponsored links (sitio patrocinados in Spanish). Just recently, Trend Micro researchers were alerted to malicious search engine ads that appeared in Microsoft’s Bing and AltaVista, among others, when a user searched for the string “malwarebytes.” (Malwarebytes is a free antivirus product and, of course, not a FakeAV.) Clicking the malicious URL points the user to an executable file named MalwareRemovalBot.exe-1 (detected by Trend Micro as TROJ_FAKEAV.DMZ).

    Figure 1. Malicious banner ad on Bing

    Figure 2. Malicious banner ad on AltaVista

    Upon execution, the rogue antivirus displays false information that the system is infected with files that do not even exist.

    Figure 3. Fake scan results

    In the past, cybercriminals employed the same tactic when they hitchhiked on Trend Micro. Some Google searches then showed banner ads that led to a fraudulent Trend Micro website.

    Though the ads may not appear in all regions, all users are still strongly advised to be extra careful when clicking links in search engines. Users connected to the Trend Micro Smart Protection Network are protected from this attack as it detects and blocks all malicious URLs.

    • Christian Potencia (Threat Response Engineer)

      FakeAV malware authors usually maximize the use of social engineering to deceive users effectively.

    • http://www.teksquisite,com/blog Teksquisite

      I hope that twitter sees this post! I’ve been trying to get links to Malware Removal Bot removed from twitter for what feels like forever.

      Thank you for your research :)

