    The issues surrounding the crash of Air France Flight 447 have not yet been fully resolved, but cybercriminals did not need them to be; they are already taking advantage of this tragedy.

    Through SEO poisoning, searches for reports related to the plane crash yield links that, when opened, trigger multiple redirections to various sites, which ultimately lead to the download of rogue antivirus software.


    The URLs shown above (Figure 2) are detected as follows:

    • hxxp:// cnnnews2009.{BLOCKED}.com/french-airbus-crash.html – detected as HTML_REDIRECT.ED
    • hxxp:// cnnnews2009.{BLOCKED}.com/images/menu.js – detected as JS_CRYPTED.HW
    • hxxp:// {BLOCKED}ware-live-scanv3.com/1/?id=2022&smersh=8186a276d&back=%3DDQwxDDwNcQNMI%3DN/My computer Online Scan.htm – detected as JS_FAKEAV.BIM

    As of this writing, the other URLs are inaccessible. The downloaded rogue antivirus, Install_2022.exe, is detected as TROJ_FAKEAV.BIM. Upon execution, it connects to a URL to download another file, which is now detected as TROJ_YEKTEL.AA.

    Upon execution, TROJ_YEKTEL.AA displays an installation prompt for a supposed antivirus application called Personal Antivirus. Users who proceed with the installation are greeted by a parade of malware detections supposedly found on their system. These detections are fake and are used to scare the user into getting a copy of the full version of the software, for a fee of course.


    It is saddening to see cybercriminals trying to pull off one of these rogue antivirus schemes using the most recent tragedies, where so much mourning is involved.

    Nonetheless, the Trend Micro Smart Protection Network already stops this threat from affecting users: the malicious URLs are blocked and the files are detected.
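
The redirect chain described in this post (search result, landing page, script-driven hops, fake scan page, installer download) can be hunted for in web proxy logs. The following is an added example, not code from the original post or from Trend Micro; the log records, the `.example` hosts, the search-engine and extension lists, and the assumption that each hop carries a Referer header are constructed for illustration.

```python
from urllib.parse import urlparse

SEARCH_HOSTS = ("google.", "bing.", "yahoo.")   # assumed search-engine host markers
EXEC_EXT = (".exe", ".scr", ".msi")             # assumed executable extensions

# Constructed proxy records: (client, requested URL, Referer). Hosts are placeholders.
SAMPLE_LOG = [
    ("10.0.0.5", "http://news-landing.example/french-airbus-crash.html",
     "http://www.google.com/search?q=air+france+447"),
    ("10.0.0.5", "http://news-landing.example/images/menu.js",
     "http://news-landing.example/french-airbus-crash.html"),
    ("10.0.0.5", "http://hop.example/go?x=1",
     "http://news-landing.example/french-airbus-crash.html"),
    ("10.0.0.5", "http://scan-page.example/1/?id=2022", "http://hop.example/go?x=1"),
    ("10.0.0.5", "http://scan-page.example/dl/Install_2022.exe",
     "http://scan-page.example/1/?id=2022"),
    # Benign: search result -> vendor page -> installer, all on one host.
    ("10.0.0.9", "http://vendor.example/downloads.html",
     "http://www.google.com/search?q=vendor+tool"),
    ("10.0.0.9", "http://vendor.example/tools/setup.exe",
     "http://vendor.example/downloads.html"),
]

def host(url):
    return urlparse(url).hostname or ""

def is_search(url):
    return any(marker in host(url) for marker in SEARCH_HOSTS)

def find_chains(records, min_hosts=2):
    """Flag executable downloads whose Referer chain leads back to a search
    result after crossing at least min_hosts distinct non-search hosts."""
    referer_of = {}
    for client, url, referer in records:
        referer_of.setdefault((client, url), referer)
    hits = []
    for client, url, referer in records:
        if not urlparse(url).path.lower().endswith(EXEC_EXT):
            continue
        hosts, seen, cur = [host(url)], {url}, referer
        while cur and not is_search(cur) and cur not in seen:  # walk back, loop-safe
            seen.add(cur)
            if host(cur) not in hosts:
                hosts.append(host(cur))
            cur = referer_of.get((client, cur))
        if cur and is_search(cur) and len(hosts) >= min_hosts:
            hits.append((client, url, hosts[::-1]))
    return hits
```

With the default threshold, `find_chains(SAMPLE_LOG)` flags only the multi-host chain from client 10.0.0.5; the single-host vendor download is left alone.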




