Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    October 2014
    S M T W T F S
    « Sep    
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us

    I recently tried to unpack an obfuscated JavaScript from a malicious .PDF file when I came across the following Google search results:

    Click for larger view

    To my surprise, one of the resulting online JavaScript unpacker sites has been compromised. Most probably part of a blackhat search engine optimization (SEO) campaign, I finally landed on a page that served a FAKEAV warning.

    Click for larger view

    The usual FAKEAV routine then ensued, which ended with a prompt giving me a stern warning that my system has been infected.

    Click for larger view

    JavaScript unpackers are commonly used by computer professionals, mostly by security researchers. As such, I don’t really see the point of deliberately compromising such a site, as its likely visitors are unlikely to fall for a FAKEAV ruse.

    Trend Micro protects product users from this attack via the Trend Micro™ Smart Protection Network™,  which blocks the websites involved in the redirection chain as well as detects the FAKEAV variant as TROJ_FAKEAV.SMSM and prevents it from being downloaded onto a user’s system.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice