    Easter, like any other holiday, will not pass without cyber criminals attempting to exploit the occasion for their own malicious operations.

    Trend Micro Advanced Threats Researcher Paul Ferguson discovered websites that seem to be related to Easter, except they are malicious and were created to spew malware onto PCs. He adds that there is evidence again pointing to well-known Russian/Ukrainian cybercrime organizations, which are most probably behind these ongoing malicious SEO (search engine optimization) campaigns, in an attempt to boost the page rankings of booby-trapped websites.

    Unwitting victims are led to these sites through “poisoned” search results. Queries in popular engines for keywords related to Easter yield results that point to the malicious sites mentioned above.

    Analysis by our engineers reveals that one of the dangerous sites is rigged with a script detected by Trend Micro as JS_DLOADER.WKQ. This malicious JavaScript redirects victims to another page, a fake AV download site, where a rogue antivirus program detected as TROJ_FAKEAV.BAF is downloaded.

    Rogue software continues to plague Web users. The most recent development in this malware category involved cybercriminals incorporating ransomware elements, encrypting users’ files so they’d have to pay to install software that would supposedly “fix” the corrupted files.

    Our engineers are analyzing this threat further. Updates will be posted as soon as more information becomes available.

    Update: 13 April 2009, 10:00 PM PST

    Analysis reveals that TROJ_FAKEAV.BAF displays the following fake malware infection warnings to trick affected users into paying for a supposed “security software” that is in actuality the malware itself.

    Figure 1. Fake malware infection warnings

    Figure 2. Prompt to install the trial version of rogue antivirus program

    Figure 3. Rogue antivirus program GUI

    Figure 4. The affected user is asked to purchase the “full version” of the rogue antivirus in order to remove the supposed malware affecting their system.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice