Sep10 |
7:18 pm (UTC-7) | by
Jessa De La Torre (Threat Response Engineer) |
As the anniversary of the horrible September 11 attacks in The United States approaches, Trend Micro researchers donned their research coats and waited for the people behind FAKEAV to make their move. Predictably, they did not disappoint.
Through SEO poisoning, users searching for any reports related to September 11 may find themselves stacked with Google search results that lead to a rogue AV malware detected by Trend Micro as TROJ_FAKEAV.BOH.
Figure 1. Poisoned Google search results
As shown in the image above, TROJ_FAKEAV.BOH may arrive on the system as Scanner-7c545a_2031.exe from several malicious Web sites that can all be found in the poisoned Google search results.
Trend Micro users are already protected from this threat, as the malicious file(s) are already detected and the download links are already identified and blocked by the Web Reputation Service.
The people behind FAKEAV still show no sign of slowing down. With the holiday season coming up, users are also advised to refrain from visiting unknown sites returned in Search Engine results and rely on reputable news agencies instead.
Share this article |
 |
        |
Pingback: Blackhat SEO and FAKEAV: A Dangerous Tandem
Pingback: Risky Research « Information
Pingback: Internet Security Software Company Says 9/11 Searches Infected with Malware « Ancavge
Pingback: New York Times Pushes Fake AV Malvertisement | BusinessComputingWorld
Pingback: Operation Mind Seed » Blog Archive » Internet Security Software Company Says 9/11 Searches Infected with Malware
Pingback: New York Times pushes Fake AV malvertisement. » CounterMeasures
Pingback: UnderForge of Lack » Blog Archive » 2009.09.14 月曜日
Pingback: Propagan virus aprovechando el 9/11 | Actualidad en Lineup
Pingback: RT @TrendMicro FakeAV for Sept… at ePCdoctor.com 3.1
Pingback: Tweets that mention FakeAV for September 11 | Malware Blog | Trend Micro -- Topsy.com