TrendLabs threat analysts found another FAKEAV campaign piggybacking on the Leonid meteor shower and the much-anticipated sequel to the Twilight saga, New Moon. Users searching for news and updates using the keywords “meteor shower tonight november 16 time” and “New Moon premiere live stream” end up with poisoned search results. These results redirect users to fake online scanners, which ultimately lead to the download of a FAKEAV variant detected by Trend Micro as TROJ_FAKEAV.MET.
Upon execution, TROJ_FAKEAV.MET drops malicious files and displays fake warning messages. These messages urge users to avail of a bogus antivirus product, Security Tool.
FAKEAV is notorious for capitalizing on hot news and popular searches via SEO poisoning. Hence, users are advised to be wary of suspicious-looking URLs when conducting online searches. Trend Micro protects users from this attack via the Smart Protection Network™ that blocks and detects all related malicious files and URLs.