Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    For cybercriminals, another celebrity’s death means a new life for their scams. Earlier today, we discovered new FAKEAV variants that take advantage of the death of the former Canadian teen idol, Corey Haim.

    Using blackhat search engine optimization (SEO) techniques, a simple Google search for news on Corey Haim’s funeral gives out malicious links in the top search results, which redirect users to sites that eventually lead to the download of a FAKEAV.

    Click for larger view

    A fake scan page convinces users that their computers were affected by several harmful files and that they should download and install the fake antivirus application.

    Click for larger view Click for larger view

    Trend Micro detects the downloaded file as TROJ_FAKEAV.DBB. After installation, the program loads a scan page with fake scan results and offers to remove the harmful files from the users’ machines.

    Click for larger view Click for larger view

    There is, of course, a slight catch since the product requires activation. We advise users to be wary of such tactics since they may unwillingly divulge sensitive information. In this case, the attackers ask for credit card information.

    Click for larger view Click for larger view

    Trend Micro™ Smart Protection Network™ protects customers from this threat by blocking user access to the malicious websites that host the malicious FAKEAV file. It also detects and prevents the download of TROJ_FAKEAV.DBB via the file reputation service.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice