Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    May 2013
    S M T W T F S
    « Apr    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
    • About Us
    Trendlabs Security Intelligence > “Copyright Violations” Used for a FAKEAV-Like Scam

    In recent years, the music and movie industries have become more aggressive in suing users accused of illegally sharing content. Large-scale mass lawsuits, previously used largely in Britain and Germany, have now made their way to the U.S. shores.

    Given a climate wherein some users are afraid of legal threats, it is no surprise that cybercriminals have adapted this technique for their own scams as well. A new file detected as ADW_ANTIPIRACY uses this technique and combines it with methods similar to those used by rogue antivirus malware.

    Like countless other FAKEAV variants, ADW_ANTIPIRACY displays a fake pop-up window. This one, however, states that information will be passed on to the courts for the appropriate lawsuits.

    Click

    A larger alert window is also used by this spyware, which states the copyright violations the user allegedly carried out and contains an offer for a pretrial settlement. This step is analogous to offers to purchase a product for FAKEAV malware.

    Click

    Like particularly troublesome FAKEAV variants, ADW_ANTIPIRACY also changes the user’s desktop wallpaper and displays fake warnings in the taskbar.

    Click Click

    ADW_ANTIPIRACY offers to “solve” the user’s legal problems if he/she settles the lawsuit for a fixed amount of money, in this case, US$399.85. Again, this is similar to FAKEAV malware, which offers to “sell” a user an antivirus to “remove” the infections found.

    Click

    The pop-up windows of the spyware say that a group known as the ICCP Foundation is responsible for the threatened lawsuits. In fact, a legitimate-looking website for the said (fictitious) group was also set up, although this has since been blocked as a malicious site by Trend Micro. Given the similarity in techniques, however, it is possible that the cybercriminals behind this particular scheme had previous “experience” with FAKEAV attacks.

    In the past, we have encountered other attacks that leveraged worries over copyright-related lawsuits as social engineering techniques. Just last month, a spam run using this technique was found. In August and September 2008, spammed messages threatening to cut off users’ Internet access were also encountered.

    Trend Micro™ Smart Protection Network™ protects users from this kind of threat by blocking access to all related malicious URLs and preventing the download and execution of the malicious file.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Tuesday, April 13th, 2010 at 4:44 am and is filed under Bad Sites, Malware . Both comments and pings are currently closed.





     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice