    I recently tried to unpack an obfuscated JavaScript from a malicious .PDF file when I came across the following Google search results:

    To my surprise, one of the resulting online JavaScript unpacker sites had been compromised, most probably as part of a blackhat search engine optimization (SEO) campaign. I finally landed on a page that served a FAKEAV warning.

    The usual FAKEAV routine then ensued, which ended with a prompt giving me a stern warning that my system has been infected.

    JavaScript unpackers are commonly used by computer professionals, mostly by security researchers. As such, I don’t really see the point of deliberately compromising such a site, as its likely visitors are unlikely to fall for a FAKEAV ruse.

    Trend Micro protects product users from this attack via the Trend Micro™ Smart Protection Network™, which blocks the websites involved in the redirection chain, detects the FAKEAV variant as TROJ_FAKEAV.SMSM, and prevents it from being downloaded onto a user’s system.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice