Wednesday, February 24, 2010 1:28 PM cmosby

FAKEAV Cashes in on Austin, Texas Plane Crash – TrendLabs Malware Blog

7:48 pm (UTC-7)   |   by Carolyn Guevarra (Technical Communications)

News of another plane crash shook Americans on Thursday morning. Reportedly, a disgruntled pilot, furious with the Internal Revenue Service (IRS), intentionally crashed a small plane into the building that housed the agency’s office in Austin, Texas. Although the incident was tagged “an isolated event” and not an act of terrorism, cybercriminals launched their own “terrorist” attack, using another FAKEAV variant to scare unsuspecting users for profit.

Using the blackhat search engine optimization (SEO) techniques that FAKEAV peddlers typically employ, this variant immediately tops search results when users try to find news updates about the incident. Clicking the malicious link leads to the download of TROJ_FAKEAV.LGJ.


A similar tactic has also been used to take advantage of recent notable news and events such as “Superbowl 44,” Bill Cosby’s alleged death, the Winter Olympics, and even the February Microsoft patch release.

Apart from being scammed into buying a useless application, users who are tricked into clicking the malicious link and filling out the order form can also fall prey to data theft or, worse, identity theft should the perpetrators decide to sell their credentials (i.e., credit card numbers and other pertinent personal information) to the highest bidders in underground markets.

Trend Micro™ Smart Protection Network™ protects product customers from this and similar threats by blocking user access to all related malicious sites via the Web reputation service and by detecting and preventing the download of malicious files like packupdate_build6_195.exe, aka TROJ_FAKEAV.LGJ, via the file reputation service.

Non-Trend Micro product users, on the other hand, can also stay protected from such threats via free tools like Web Protection Add-On, which has been designed to block access attempts to potentially malicious websites in real time.
