We’ve noted this before, but Microsoft needs to get a handle on ad placements on Bing. Ok, so Bing isn’t the most widely used search engine, but remember that Yahoo plays a part here as well.
In this case, we’re talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the ‘net right now. Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting).
So just search for “adobe flash”, and you might see this ad:
(That same search term will look identical on Yahoo, since Yahoo displays Bing ads and search results.)
Which leads to an innocent-looking “download flash” page:
Note that the page isn’t actually “GetAdobeFlash.com”. Instead, it redirects to a directory on a compromised trucking site (arulbrothers.com), downloading a file from torreandaluz (dot) com/flash/Flash Player 10 Setup.exe
So let’s download that Flash Player and run it through VirusTotal, and no surprise: It’s Sirefef.
Alex Eckelberry
(Thanks to Matthew)
Leave a reply
