News of a twin bombing attack in Russia shocked the world on Monday morning as two female suicide bombers blew themselves up in Moscow subway stations. According to news reports, the attacks killed at least 38 and wounded more than 60 people. Jumping at the chance to make profit from terrible events, cybercriminals quickly picked the news up and used it for their own malicious attacks.
Shortly after the news broke out, cybercriminals once again employed their blackhat search engine optimization (SEO) tactics to make their malicious links the top-ranking search results in Google. Their links achieved the top 2 spots for about 2 hours for the keywords Moscow subway explosion and are now placing within the top 11 spots for the keywords Moscow bombing. Apparently, this news topic has made Moscow a popular trending topic not only in Google but in social networks as well. In Twitter, searching for Moscow also showed results with embedded malicious URLs within Tweets.
The links, of course, will not direct users to news sites but instead open a fake scanning page. It then reports that the computer is vulnerable to malware attacks and recommends that the users proceed with checking for infections.
Agreeing to install the rogue antivirus downloads the FAKEAV file detected by Trend Micro as TROJ_FAKEAV.SMDY onto affected systems.
If there is one thing every user should now know, it is that cybercriminals will use whatever topic is most popular to make their attacks successful. As always, please be mindful not to click any link even if it is one of the top-ranking results in Google or if it has been sent by your supposed friends in Twitter.
Trend Micro product users are protected from this threat by the Smart Protection Network™, which blocks user access to related malicious sites and prevents malware from being downloaded onto users’ systems.