Tuesday, March 09, 2010 1:18 PM
cmosby
Oscars 2010 Awards Users with FAKEAV – TrendLabs Malware Blog
It seems that fans around the world are not the only ones who are hooked on the Oscars. Just a day after this year’s Academy Awards, Trend Micro Threat researchers found FAKEAV variants topbilling the search pages.
This time around, users searching for news on the Oscars fall prey to the latest blackhat search engine optimization (SEO) attack that uses the search terms “oscar winners 2010 live”. Almost 80% of the results on the first page alone leads to the download of a FAKEAV binary detected by Trend Micro as TROJ_FAKEAV.ZZH.
The said variant has been observed to connect to a remote web site to send and receive information. It is also able to download other malware, Mal_Xed-22 and TROJ_VUNDO.SMAT included.
With the continued proliferation of blackhat SEO attacks leading to FAKEAV, it is apparent that cybercriminals intend to continue riding on top web searches. Users are thus reminded to exercise extreme caution when visiting sites especially with Oscar fever still running high.
Trend Micro™ Smart Protection Network™ protects customers from this and similar threats by blocking user access to all related malicious sites via the Web reputation service. It also detects and prevents the download of TROJ_FAKEAV.ZZH via the file reputation service.
Non-Trend Micro product users can also stay protected from such threats via free tools like Web Protection Add-On, which prevents user access to potential malicious websites.