Search Results For Air France Flight 447 Lead To Rogue Antivirus

[Peaches]

Jun4-2009

Search Results for Air France Flight 447 Lead to Rogue Antivirus

4:37 am (UTC-7) | by JM Hipolito (Technical Communications)

Issues surrounding the crash of Air France Flight 447 have not been fully resolved up to now but, it didn’t need be for cybercriminals; they’re already taking advantage of this tragedy too.

Through SEO poisoning, searches for reports related to the plane crash yield links that when opened trigger multiple redirections to various sites, which ultimately lead to download of rogue antivirus software.

The URLs are detected as follows:

hxxp:// cnnnews2009.{BLOCKED}.com/french-airbus-crash.html - detected as HTML_REDIRECT.ED

hxxp:// cnnnews2009.{BLOCKED}.com/images/menu.js - detected as JS_CRYPTED.HW

hxxp:// {BLOCKED}ware-live-scanv3.com/1/?id=2022&smersh=8186a276d&back=%3DDQwxDDwNcQNMI%3DN/My computer Online Scan.htm detected as JS_FAKEAV.BIM

As of this writing the other URLs are inaccessible. On the other hand, the downloaded rogue antivirus Install_2022.exe is detected as TROJ_FAKEAV.BIM. Upon execution, it connects to a URL to download another file which is now detected as TROJ_YEKTEL.AA.

TrendMicro for article - http://blog.trendmicro.com/

[johndowne]

What people are faced with most when it comes to compiling a document is simply  custom essay writing service getting all the details in proper accordance, but this is not a problem for our automatic producer.