
    While scouting the Web for the latest threats, Trend Micro threat analysts stumbled upon FAKEAV variants riding on the impending eruption of the Mayon Volcano. Renowned for its “perfect cone” shape, the Mayon Volcano became one of the candidates for inclusion in the New 7 Wonders of Nature list. It is not surprising, therefore, that news of its impending eruption, during the Christmas holidays no less, will attract the attention of both curious onlookers and concerned individuals alike.

    Close on the heels of users seeking out news on the event, of course, are cybercriminals with their usual blackhat SEO tactics. Searching for news on the topic on Google using the string “Mayon Volcano eruption” may lead users to the malicious URL http://{BLOCKED}acsi.com/fgq.php?in=mayon%20volcano%20eruption. Clicking the link redirects users to the CNN homepage unless their browser has google.com as referrer, in which case, they are redirected to another malicious URL, http://{RANDOM}.xorg.pl. Afterward, they will again be redirected to any of the following URLs where FAKEAV variants are downloaded onto their systems:

    • http://{BLOCKED}can.com, which redirects to http://{BLOCKED}m.cn, where they will be prompted to download install14300.exe (detected by Trend Micro as TROJ_FAKEAV.MVE)
    • http://{BLOCKED}puter22.com, which redirects to http://{BLOCKED}omputer.com, where they will be prompted to download setup_build6_195.exe (detected as TROJ_FAKEAV.PTO)
    • http://{BLOCKED}antispywaresolutions.com where they will be prompted to download install.exe (detected as TROJ_FAKEAV.XMS)
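
    The referrer check described above leaves a recognizable trace in web proxy logs: the same URL redirects to different hosts depending on whether the request came from a search results page. The following is an added detection example, not code from the original post; the tab-separated log layout, the function names and every hostname under .example are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log, one request per line, tab-separated:
# requested URL, Referer header ("-" if absent), HTTP status, Location header.
# All hostnames are placeholders; only the fgq.php path mirrors the post.
SAMPLE_LOG = """\
http://doorway.example/fgq.php?in=mayon%20volcano%20eruption\thttp://www.google.com/search?q=mayon+volcano+eruption\t302\thttp://k3x9.redirector.example/
http://doorway.example/fgq.php?in=mayon%20volcano%20eruption\t-\t302\thttp://news.example/
http://doorway.example/fgq.php?in=mayon%20volcano%20eruption\thttp://forum.example/thread/7\t302\thttp://news.example/
http://shortener.example/a1\thttp://www.google.com/search?q=a1\t301\thttp://docs.example/a1
http://shortener.example/a1\t-\t301\thttp://docs.example/a1
"""

REDIRECTS = {"301", "302", "303", "307", "308"}
SEARCH_LABELS = {"google"}  # assumption: add other engines as needed


def host(url):
    """Lower-cased hostname of a URL, or '' when there is none (e.g. '-')."""
    return (urlsplit(url).hostname or "").lower()


def from_search(referer):
    """True when any DNS label of the referrer host names a search engine."""
    return bool(SEARCH_LABELS & set(host(referer).split(".")))


def find_referrer_cloaking(log):
    """Map each cloaking URL to (targets with search referrer, targets without).

    A URL is reported only when it was seen both ways and the two sets of
    redirect target hosts have nothing in common.
    """
    seen = defaultdict(lambda: (set(), set()))
    for line in log.splitlines():
        url, referer, status, location = line.split("\t")
        if status in REDIRECTS:
            bucket = 0 if from_search(referer) else 1
            seen[url][bucket].add(host(location))
    return {url: (sorted(s), sorted(o))
            for url, (s, o) in seen.items()
            if s and o and s.isdisjoint(o)}


if __name__ == "__main__":
    for url, (search, other) in find_referrer_cloaking(SAMPLE_LOG).items():
        print(f"{url}\n  search referrer -> {search}\n  other referrer  -> {other}")
```

    The shortener entry redirects to the same host regardless of referrer, so it is not reported; only the doorway URL is.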

    Smart Protection Network protects Trend Micro product users by preventing access to the said malicious sites and by detecting and blocking the download of all related malicious files. As an added precaution, however, users are advised to rely only on trusted news sites for updates on the event.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice