Rogue AV Brings Bad News about Libya and Earthquakes

Bogdan BOTEZATU

March 30, 2011

When it comes to planting malware, the creativity of cyber-crooks seems to be endless. Once heavily exploited by the Storm Worm gang, apocalyptic news headlines crawl their way into the rogue antivirus market.

If you’ve been looking for information about the current situation in Libya, you may have stumbled upon a piece of “news” claiming that “Security forces open fire on protesters in Syria, killing at least 20 people. NATO takes command of the no-fly zone in Libya.” This piece of news, although legit, has spawned thousands of pages optimized through black-hat mechanisms to deploy nothing but Rogue Antivirus apps.

Spotted earlier this month, the rogue AV involved in the attack is a spoofed version of a well-known legit antivirus. The infection vector is pretty much similar to what we’ve seen up until now: a poisoned search result leads the user to a domain hosted with free domain provider co.cc. At the other end of the connection, a script checks the referrer to see whether the user comes from a search engine result or not. If they do, they will be redirected to a fake scanner. If not, they are redirected to google.com.
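The referrer check described above leaves a recognizable trace in web proxy logs: the same URL redirects to a different host depending on whether the Referer is a search engine. The following Python is an added example, not code from the original article; the log record fields, the search-engine list and the .example hosts are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed list of search-engine domains; extend it for your environment.
SEARCH_ENGINES = ("google.com", "bing.com", "yahoo.com")
REDIRECTS = (301, 302, 303, 307, 308)

def host(url):
    """Lower-cased hostname of a URL, or '' when there is none."""
    return (urlsplit(url or "").hostname or "").lower()

def is_search_host(h):
    return any(h == s or h.endswith("." + s) for s in SEARCH_ENGINES)

def find_referrer_cloaking(records):
    """Return {url: (hosts_for_search_visitors, hosts_for_others)} for URLs
    whose redirect target depends on a search-engine Referer."""
    seen = defaultdict(lambda: {True: set(), False: set()})
    for rec in records:
        if rec["status"] not in REDIRECTS or not rec.get("location"):
            continue
        from_search = is_search_host(host(rec.get("referer")))
        seen[rec["url"]][from_search].add(host(rec["location"]))
    findings = {}
    for url, targets in seen.items():
        search_t, other_t = targets[True], targets[False]
        # Pattern from the article: search visitors are sent to one host,
        # everyone else is bounced to a search engine's own site.
        if (search_t and other_t and search_t.isdisjoint(other_t)
                and all(is_search_host(t) for t in other_t)
                and not any(is_search_host(t) for t in search_t)):
            findings[url] = (sorted(search_t), sorted(other_t))
    return findings

# Constructed proxy-log records (hypothetical hosts, not real indicators).
SAMPLE = [
    {"url": "http://news-libya.example/a", "status": 302,
     "referer": "https://www.google.com/search?q=libya",
     "location": "http://scan.example/run"},
    {"url": "http://news-libya.example/a", "status": 302,
     "referer": "", "location": "http://google.com/"},
    {"url": "http://shop.example/old", "status": 301,
     "referer": "https://www.bing.com/search?q=shop",
     "location": "http://shop.example/new"},
    {"url": "http://shop.example/old", "status": 301,
     "referer": None, "location": "http://shop.example/new"},
]

if __name__ == "__main__":
    for url, (s, o) in find_referrer_cloaking(SAMPLE).items():
        print(url, "| search visitors ->", s, "| others ->", o)
```

An ordinary permanent redirect such as the shop.example entry is not flagged, because both kinds of visitor land on the same host.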

Rogue Antivirus trying to impersonate a legit antivirus solution.

This malware campaign has also been spotted on microblogging social networks where the malicious links have been concealed using short URLs. 

In order to stay safe, we recommend that you pay extra attention to the links you are clicking. If you have BitDefender Internet Security, BitDefender Total Security or BitDefender TrafficLight installed on your computer, then search results will be analyzed and, if malware is found, they get marked as harmful. Also, be careful when downloading applications and, if you need an antivirus, point your browser to your favorite vendor or check out the performance reviews offered by independent testers.
