Peaches
Posted June 5, 2009

Jun 4, 2009
Search Results for Air France Flight 447 Lead to Rogue Antivirus
4:37 am (UTC-7) | by JM Hipolito (Technical Communications)

Issues surrounding the crash of Air France Flight 447 have not been fully resolved up to now, but it didn’t need to be for cybercriminals; they’re already taking advantage of this tragedy too.

Through SEO poisoning, searches for reports related to the plane crash yield links that when opened trigger multiple redirections to various sites, which ultimately lead to download of rogue antivirus software.

The URLs are detected as follows:

hxxp:// cnnnews2009.{BLOCKED}.com/french-airbus-crash.html - detected as HTML_REDIRECT.ED
hxxp:// cnnnews2009.{BLOCKED}.com/images/menu.js - detected as JS_CRYPTED.HW
hxxp:// {BLOCKED}ware-live-scanv3.com/1/?id=2022&smersh=8186a276d&back=%3DDQwxDDwNcQNMI%3DN/My computer Online Scan.htm - detected as JS_FAKEAV.BIM

As of this writing the other URLs are inaccessible. On the other hand, the downloaded rogue antivirus Install_2022.exe is detected as TROJ_FAKEAV.BIM. Upon execution, it connects to a URL to download another file which is now detected as TROJ_YEKTEL.AA.

TrendMicro for article - http://blog.trendmicro.com/