Another Earthquake, Another FAKEAV
3:46 am (UTC-7) | by Carolyn Guevarra (Technical Communications)
Yesterday, a 6.0-magnitude earthquake shook the Philippine capital, causing a bit of concern among its inhabitants and their relatives
elsewhere in the country and abroad. Many turned to the Web for the latest news and updates on the incident. As expected,
cybercriminals were among the first in line to provide information about the earthquake, rigged with rogue antivirus applications.
Trend Micro advanced threats researcher Norman Ingal discovered that some FAKEAV variants have already taken advantage of this incident
as a social-engineering technique. He said this malware also used blackhat search engine optimization (blackhat SEO) tactics to make
malicious links the top-ranking search results whenever users searched for the string “earthquake manila philippines.”
These links lead to the download of FAKEAV variants, particularly TROJ_FAKEAV.ENZ, which also used the recent wardrobe
malfunction incident of a Philippine TV personality as an attack vector.
Clicking the links also led to the download of JS_REDIR.SMB, which displays a warning dialog box that tells users that their computers
have been infected.
Another Earthquake, Another FAKEAV | Malware Blog | Trend Micro
3/28/2010 4:39 PM
Clicking OK opens the following message boxes and windows and downloads the malicious file onto users’ computers.
Earthquakes are natural occurrences and we never really know when or where they will hit next. One thing is for sure, though:
cybercriminals will most definitely ride on news of every earthquake or natural calamity that hits the press next, just as they did during
the Haiti and Chile earthquakes.
Trend Micro product users are protected from this threat by the Smart Protection Network™, which blocks user access to relate