The recent launch of Windows 8 had people talking about this new OS. Naturally, cybercriminals grabbed this chance to distribute threats leveraging Windows 8 and raise terror among users – just in time for Halloween.
We were alerted to two threats that leverage the release of this new OS. The first one is a typical FAKEAV. Detected as TROJ_FAKEAV.EHM, this malware may be encountered when users visit malicious sites.
As shown above, the malware displays a fake scanning result to intimidate users into purchasing the fake antivirus program – just like your run-of-the-mill FAKEAV variant. What is different about this malware, however, is that it is packaged as a security program made for Windows 8.
The other threat is a phishing email that entices users to visit a website where they can download Windows 8 for free. Instead of a free OS, they are led to a phishing site that asks for personally identifiable information (PII) such as email address, password, and name, which can be peddled in the underground market or used for other cybercriminal activities.
Popularity can be Dangerous
It is typical for cybercriminals to piggyback on the highly anticipated release of the latest technology to take their malware, spam, and malicious apps to new heights. The appearance of the Instagram app we previously reported coincided with the news of Facebook’s acquisition of the photo sharing app. Similarly, malicious versions of Bad Piggies surfaced right after the app’s launch.
To stay safe, users must keep their cool and think twice before clicking links or visiting webpages, especially those that promise the latest items or programs for free. If it’s too good to be true – it probably is. To know more about how cybercriminals lure users to their schemes through effective social engineering, our Digital Life e-guide How Social Engineering Works provides a comprehensive guide.
Trend Micro Smart Protection Network™ detects and deletes FAKEAV variants such as TROJ_FAKEAV.EHM and prevents access to related sites. It also blocks the related spam before it even reaches users’ inboxes.
Update as of November 9, 2:23 AM PST
We found other FAKEAV variants that show fake scanning results to intimidate users into purchasing a rogue AV program supposedly for Windows 8. Specifically, these variants are TROJ_FAKEAV.EHL, HTML_FAKEAV.EHN and TROJ_FAKEAV.SMW8.