Published: November 20 2009, 01:29 AM
by Akhil Menon

It may not be Thanksgiving Day yet in the US, however malware authors are prepared in advance to lure in unsuspecting Internet users into a malware recipe for disaster through search engine results. This was an obvious choice for malware authors, owing to the growing trend of Search Engine Optimization (S.E.O) related social engineering attacks gaining popularity recently with the Holidays and latest Celebrity news headlines.

A quick search for “Thanksgiving”-related search terms in a popular search engine put forth the following results as shown in [Figure 1]. The links have been obscured for safety as they are very much active at the time of writing this blog.

As seen before in the earlier SEO-based attacks, clicking on the link directs the user to an unsuspecting intermediate page while various web page re-directions are observed in the browser. After a few seconds, the very typical Fake Scanner Page shows up warning the user that the end-user machine is infected by Viruses. [Figure 2]

Clicking anywhere on the dialog box as shown in [Figure 2] results in the download of a file “install.exe” which CA Security products detect under the Fake AV Family of Trojans.

If the file ‘install.exe’ is allowed to be run on a machine, a Rogue Security Product is installed called “Security Tool” [Figure 3] that further scares the users with fake infection warnings and pesters them into paying money for its fake protection.

The malware and its components are detected by CA Antispyware as Rogue Security Software “Security Tool” and as Trojan “Win32/SecurityTool” variants by our CA Antivirus.

As always, we recommend that you exercise extreme caution while surfing the Internet and in downloading files, and that you always keep your CA Security Products updated with the latest signatures.

Stay safe online and Happy Thanksgiving Everyone!

Share this post:  Email

Share