Easter, like any other holiday, will not pass without cybercriminals attempting to exploit the occasion for their own malicious operations.
Trend Micro Advanced Threats Researcher Paul Ferguson discovered websites that appear to be related to Easter but are malicious and were created to spew malware onto PCs. He adds that there is evidence again pointing to well-known Russian/Ukrainian cybercrime organizations, which are most probably behind these ongoing malicious SEO (Search Engine Optimization) campaigns, in an attempt to boost the page rankings of booby-trapped websites.
Unwitting victims are led to these sites through “poisoned” search results. Queries in popular engines for keywords related to Easter yield results that point to the malicious sites mentioned above.
Rogue software continues to plague Web users. The most recent development in this malware category involved cybercriminals incorporating ransomware elements, encrypting users’ files so they’d have to pay to install software that would supposedly “fix” the corrupted files.
Our engineers are analyzing this threat further. Updates will be posted as soon as more information becomes available.
Update: 13 April 2009, 10:00 PM PST
Analysis reveals that TROJ_FAKEAV.BAF displays the following fake malware infection warnings to trick affected users into paying for a supposed “security software” that is, in actuality, the malware itself.
Figure 1. Fake malware infection warnings
Figure 2. Prompt to install the trial version of rogue antivirus program
Figure 3. Rogue antivirus program GUI
Figure 4. The affected user is asked to purchase the “full version” of the rogue antivirus in order to remove the supposed malware affecting their system.