26 Jan 2011

Fake antivirus hides in ads

A fake antivirus warning linked to ads has been discovered.

The virus was spotted on the ICQ website and is a rogue piece of scareware. Without doing anything out of the ordinary, users unknowingly trigger the pop-ups, and end up clicking on malicious links.

As the ads are displayed, another pop-up appears from Antivirus8, which supposedly has detected suspicious activity, but is not a legitimate antivirus program. One ad that showed up on the site was for a women’s clothing company called Charlotte Russe. These ads are hosted on a server that is not associated with the retail company.

“This means that somebody went through the trouble of pretending to be this store,” said Roel Schouwenberg, a senior antivirus researcher. “They put in quite a lot of effort to seem legitimate. Attacking yield manager successfully and having fake antivirus in the ICQ ads … is something that is very high level and hard to achieve.”

There could be two factions involved, according to Schouwenberg: one responsible for the fake antivirus portion and the other responsible for getting the malware in the ads.