    Yesterday’s solar eclipse over parts of Asia was witnessed by millions of people, so it shouldn’t come as a surprise that it attracted the attention of cybercriminals. And it has. Cybercriminals wasted no time in riding on the phenomenon, using SEO poisoning to redirect users to a site peddling rogue antivirus software (FAKEAV).


    According to Senior Threat Researcher Joey Costoya, who discovered the attack, when users query the phrase “solar eclipse 2009 in America” in popular search engines, certain top-ranking sites redirect users to a malicious site under the domain name antispyware-scannerv3, where the FAKEAV is hosted. Trend Micro detects this variant of rogue antivirus as HTML_FAKEAV.FT.

    The following are screenshots of the rogue antivirus online scanning page and the scanning results:


    The Smart Protection Network protects Trend Micro users from this threat by blocking access to the malicious sites, so that even if curious users click on rigged search results, they do not end up on rogue antivirus territories. Furthermore, Trend Micro already detects and cleans the rogue antivirus components related to this attack.

    This is not the first time an eclipse has been used to bait users into downloading malware. Read more about that in the blog entry Dark Shadows Lurk after Lunar Eclipse.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice