    The World Health Organization (WHO) raised the H1N1 global pandemic alert level to phase 6 on June 11. More than 70 countries have now reported cases of human infection. Many of the cases reportedly had links to travel or were localized outbreaks. The WHO designation of a phase 6 pandemic alert reflects the fact that there are now ongoing community-level outbreaks in multiple parts of the world. It should be noted, however, that the WHO’s decision to raise the pandemic alert level to phase 6 is a reflection of the spread of the virus and not of the severity of illness caused by the virus.

    As with any other tragic and much-publicized event, cybercriminals again took advantage of the situation by launching a spate of attacks targeting wary, unknowing users.

    Some of the most recent attacks include those we have already featured in the following blog posts:

    Probably the most nefarious of these attacks were found to be hosted on the is-the-boss.com domain. Through SEO poisoning, searches for reports related to the virus yield links that, when opened, trigger multiple redirections to various sites, which ultimately lead to the download of rogue antivirus software.


    The following URLs were also found to start off similar infection chains:

    • hxxp://amiasjussa11.{BLOCKED}is-the-boss.com/h1n1-pandemic.html
    • hxxp://amiasjussa11.{BLOCKED}is-the-boss.com/h1n1-who.html
    • hxxp://amiasjussa11.{BLOCKED}is-the-boss.com/h1n1.html
    • hxxp://news04.{BLOCKED}is-the-boss.com/a-h1n1-virus.html
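The chain described above (search result, landing page on is-the-boss.com, redirections, download) can be hunted for in web proxy logs. The following is an added example, not code from the original post: the record layout, the search-engine and content-type lists, the sample hosts, and the assumption that each hop carries the previous page as its Referer are all constructed for illustration.

```python
from urllib.parse import urlsplit

LURE_DOMAIN = "is-the-boss.com"                 # domain named in the post
SEARCH_HOSTS = ("google.", "bing.", "yahoo.")   # assumed search referrers
DOWNLOAD_TYPES = {"application/octet-stream", "application/x-msdownload"}

# Constructed proxy records (client, url, referer, content_type); not real IoCs.
SAMPLE_LOG = [
    ("10.0.0.5", "http://sample-host.is-the-boss.com/h1n1.html",
     "http://www.google.com/search?q=h1n1+who+report", "text/html"),
    ("10.0.0.5", "http://hop-one.example/go?id=1",
     "http://sample-host.is-the-boss.com/h1n1.html", "text/html"),
    ("10.0.0.5", "http://fake-scan.example/setup.exe",
     "http://hop-one.example/go?id=1", "application/x-msdownload"),
    ("10.0.0.9", "http://vendor.example/tool.exe",
     "http://vendor.example/downloads", "application/octet-stream"),
]

def host(url):
    return (urlsplit(url or "").hostname or "").lower()

def under_lure_domain(url):
    # Match on a label boundary so "notis-the-boss.com" does not count.
    h = host(url)
    return h == LURE_DOMAIN or h.endswith("." + LURE_DOMAIN)

def from_search(url):
    h = host(url)
    return any(h.startswith(s) or ("." + s) in h for s in SEARCH_HOSTS)

def find_chains(records):
    """Return [(client, [urls])] for downloads reached from a search
    result through a page hosted under LURE_DOMAIN."""
    hits = []
    for client in sorted({r[0] for r in records}):
        seen = {u: (ref, ct) for c, u, ref, ct in records if c == client}
        for url, (ref, ctype) in seen.items():
            if ctype not in DOWNLOAD_TYPES:
                continue
            chain, cur = [url], ref
            while cur in seen and cur not in chain:  # walk back, stop on loops
                chain.append(cur)
                cur = seen[cur][0]
            chain.reverse()
            # cur is now the referer of the first logged hop
            if from_search(cur) and any(under_lure_domain(u) for u in chain):
                hits.append((client, chain))
    return hits
```

Hops made with HTTP 3xx responses do not update the Referer, so logs that record the Location header should link on that field instead.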

    As of this writing, the is-the-boss(dot)com domain is still being used for blackhat SEO campaigns to deliver fake antivirus solutions such as:

    The malware TROJ_DLOADR.API and JS_DLOADR.APO attempt to connect to the following URLs, respectively, to download other possibly malicious files:

    • hxxp://thenewpic.{BLOCKED}com/item/2a2c{long string}c70a/e4f892d7456/titem.gif
    • hxxp://theimagesphoto{BLOCKED}.com/werber/744842b7155/217.gif
    • hxxp://super-antiviral-scan{BLOCKED}.com/?id=48275

    Fortunately, Trend Micro’s Smart Protection Network already stops this threat from affecting users, as the malicious URLs and files are already blocked and detected, respectively.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice