Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Cybercriminals have been found riding on Brittany Murphy’s sudden death to scare people into buying FAKEAV. Searching for keywords like “brittany murphy’s death” on Google resulted in at least two suspicious URLs:

    • http://{BLOCKED}
    • http://{BLOCKED}

    The spike in searches on Murphy’s death has become the theme for the latest blackhat search engine optimization (SEO) attack, which pushed malicious sites to redirect users to scareware portals. These portals have been injected with a malicious script detected by Trend Micro as HTML_FAKEAV.WAF.

    Users who click poisoned search results will be alerted to supposed malware infections via a fake message prompt, followed by bogus scanning results and another message prompting them to download a FAKEAV to rid their system of the infection.

    Click Click

    HTML_FAKEAV.WAF also accesses URLs (detected by Trend Micro as JS_RENOS.WCF) to download more malware and TROJ_KRAP.DAM (a damaged FAKEAV installer).

    Users are thus advised to rely only on trusted news sites for reports on Murphy’s death to prevent system infection. By now, they should have learned that cybercriminals often use celebrity deaths to further their malicious causes as shown in earlier blog posts:

    Trend Micro product users are protected from this threat by the Smart Protection Network, which blocks user access to related malicious sites and prevents the download of the malicious scripts.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice