Search Results For Air France Flight 447 Lead To Rogue Antivirus


Recommended Posts

Jun4-2009

Search Results for Air France Flight 447 Lead to Rogue Antivirus

4:37 am (UTC-7) | by JM Hipolito (Technical Communications)

Issues surrounding the crash of Air France Flight 447 have not been fully resolved up to now but, it didn’t need be for cybercriminals; they’re already taking advantage of this tragedy too.

Through SEO poisoning, searches for reports related to the plane crash yield links that when opened trigger multiple redirections to various sites, which ultimately lead to download of rogue antivirus software.

The URLs are detected as follows:

hxxp:// cnnnews2009.{BLOCKED}.com/french-airbus-crash.html - detected as HTML_REDIRECT.ED

hxxp:// cnnnews2009.{BLOCKED}.com/images/menu.js - detected as JS_CRYPTED.HW

hxxp:// {BLOCKED}ware-live-scanv3.com/1/?id=2022&smersh=8186a276d&back=%3DDQwxDDwNcQNMI%3DN/My computer Online Scan.htm detected as JS_FAKEAV.BIM

As of this writing the other URLs are inaccessible. On the other hand, the downloaded rogue antivirus Install_2022.exe is detected as TROJ_FAKEAV.BIM. Upon execution, it connects to a URL to download another file which is now detected as TROJ_YEKTEL.AA.

TrendMicro for article - http://blog.trendmicro.com/

Link to post
Share on other sites
  • 13 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...