Certain compromised pages, which are search engine optimized, are found in the wild and accessible via popular search engines like Google and Bing. There pages were found to direct the user to a site where a faux scan is performed on the affected system-typical of rogue AV. What is atypical about the said scan, however, is that it claims to originate from Google.
Google systems have detected unusual traffic from your computer. Please check you PC on viruses.
To continue, please download and install our antivirus software.
or our system will block your access to Google services.
Once users heed this fake warning, they download a rogue AV file contained in a password-protected archive. Fortunately, VIPRER users are spared from this threat since we detect the malicious archive file itself as Trojan.Win32.Fakeav.tri (v).
This file yields a 2/43 detection rating as per Virus Total across all anti-malware software vendors.
Related blog entries:
- More Bad Ads in Bing, Yahoo! Search
- Another Bing Advert to Steer Clear Of
- The Continuation of Dangerous Rogue Ads on Bing (and Yahoo)
- More Bad Ads in Bing
- Another Round of Bad Ads in Bing
- Bing, Yahoo! Search Adverts Serve Up Malware
Jovi Umawing (Thanks to Matthew)
Leave a reply