
‘Halloween Costumes’ Bring More Fright Than Expected

  • Posted on: October 22, 2008 at 1:45 am
  • Posted in: Malware
  • Author: JM Hipolito (Technical Communications)

With Halloween just a few weeks away, you can bet everyone’s preparing. Kids, and also adults, are probably looking for the perfect costume they’ll wear to scare each other off in the spirit of the holiday.

Unfortunately, just searching for the perfect costume might make users the victims of a far graver kind of scare tactic.

Advanced Threats Researcher Ivan Macalintal reported that search results for the query “halloween costumes” include compromised legitimate webpages.

Webpages seem to have been inserted onto legitimate websites as part of another SEO manipulation plot. As Threat Researcher Lennard Galang explains, “Usually in SEO Poisoning Attacks, malware authors compromise websites that are already top-ranked in search engines, which may not be related to one another. Once compromised, they insert a specially crafted webpage on the compromised website so that, upon using search engines or site searches, they can easily be visited or referred to.”

In this case, the webpages inserted on the compromised websites are rigged with the keyword “halloween costumes” so that they are returned as results whenever a search for that string is conducted. The webpages are loaded with JavaScript that starts a series of redirections hidden from the user, finally leading to a page that displays the following message box:

Figure 1. Silent redirections lead to this page.

Not surprisingly, the final payload for this attack is the installation of yet another rogue antivirus. Clicking “OK” on the message box will download Antivirus 2009, one of the notorious rogue AV programs recently reported.


Figure 2. Clicking on the message box downloads a fake antivirus

This attack bears a striking resemblance to a similar attack last year, where searches for Christmas gift shopping also generated nasty results. Just a couple of months back, SEO manipulation was also used to distribute rogue AV.

However, Trend Micro customers need not worry about being affected by this threat, as the downloaded file AntiMalware2009Installer.exe is already detected as Mal_FakeAV6 by the Smart Protection Network. All malicious URLs are blocked as well.
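A site owner can hunt for the kind of inserted page described above by flagging files that combine heavy repetition of a search phrase with a script-driven redirect. The sketch below is an added example, not Trend Micro's detection logic; the function names, the 0.25 density threshold, the redirect patterns and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Client-side navigation sinks; a heuristic list (assumption), not exhaustive.
REDIRECT_RE = re.compile(
    r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(", re.I)

class PageText(HTMLParser):
    """Split a page into indexable text and script bodies; note meta refresh."""
    def __init__(self):
        super().__init__()
        self.text, self.scripts, self.meta_refresh, self._in = [], [], False, None
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._in = tag
        elif tag == "meta" and (dict(attrs).get("http-equiv") or "").lower() == "refresh":
            self.meta_refresh = True
    def handle_endtag(self, tag):
        if tag == self._in:
            self._in = None
    def handle_data(self, data):
        if self._in == "script":
            self.scripts.append(data)
        elif self._in is None:
            self.text.append(data)

def assess(html, phrase, density_limit=0.25):
    """Return (suspicious, density, has_redirect); density is the share of
    indexable words taken up by the target phrase."""
    p = PageText()
    p.feed(html)
    p.close()
    visible = " ".join(" ".join(p.text).lower().split())
    words = re.findall(r"[a-z0-9']+", visible)
    density = visible.count(phrase.lower()) * len(phrase.split()) / max(len(words), 1)
    has_redirect = p.meta_refresh or any(REDIRECT_RE.search(s) for s in p.scripts)
    return density > density_limit and has_redirect, round(density, 3), has_redirect

# Constructed sample pages, not taken from the incident.
PAGES = {
    "injected.html": "<title>halloween costumes</title><h1>Halloween costumes</h1>"
        "<p>halloween costumes cheap halloween costumes best halloween costumes</p>"
        "<script>var u = '/next'; window.location.href = u;</script>",
    "catalogue.html": "<h1>Autumn catalogue</h1><p>Our store stocks halloween "
        "costumes, party lights, garden tools and winter coats.</p>"
        "<script>var h = location.hostname;</script>",
    "login.html": "<p>Signing you in.</p><script>location.replace('/secure');</script>",
}

def flagged(pages, phrase="halloween costumes"):
    return sorted(n for n, html in pages.items() if assess(html, phrase)[0])
```

Requiring both signals keeps an ordinary catalogue page that mentions the phrase once, and a login page that redirects legitimately, out of the results; files that are flagged still need manual review against the site's deployment history.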

Tags: halloween, rogue AV, SEO poisoning