Earlier today, we found that the website of the Amsterdam-based record label Kaiserlabel was compromised and used as a FAKEAV doorway.
The compromised page (shown in Figure 2) was injected with a search engine optimization (SEO) kit that leverages certain topics. We also found spamdexed content that was specifically prepared for the upcoming Black Friday holiday event in the United States.
Figure 3 below shows the search keywords used in the compromised page.
Visiting the compromised site leads users through redirection chains similar to those seen in previous attacks. We detect the malicious files as TROJ_FAKEAV.SMVK. In addition, the websites that are part of the redirection chain have been blocked. Trend Micro proactively sources and detects these new threats every day, helping protect our product users.