Phony Antivirus on Cleveland.com Causes Problem on Site

On February 7, 2009, the US website Cleveland.com encountered technical problems when an advertisement promoting a malicious program was launched from it.

The reports state that the malware problem arose when rogue program "Antivirus 2009" pretending to be antivirus software presented itself through fake alerts and pop-ups to warn that malware had apparently infected the user's system.

The rogue program, a Trojan horse, would subsequently advise the user to download software to eliminate the malware; however, it diverts the user to a different website.

The problem emerged in the afternoon of February 7, 2009 and eventually fixed the same evening.

Meanwhile, for computer users who said that they had to manually shut their browsers to prevent further pop-ups and phony virus scans, security experts recommended that they scan their computers with a legitimate antivirus.

Moreover, initial investigation reports disclose that criminals used the similar ad network (tacoda.net) by which they installed Anitvirus 2009 pop-ups at AllRecipes.com during November 2008 to infect the Cleveland.com.

Elucidating on the Cleveland.com tripping, a well-known security consultant Dancho Danchev who works independently, posted a note via his blog that says with ad networks efficiently enabling publishers to access their networks quickly, all cyber criminals, disregarding which ad network it is, could effortlessly turn into publishers. This is the foundation of malicious advertising which enables cyber criminals to attack frequently visited websites that cannot be compromised with typical exploitation tricks.

However, Danchev advises that to keep away from such malicious advertising, ad networks need to be transparent about the measures they adopt to verify whetherthe publisher's websites are free from spreading malware or not. For e.g., a simple cross verification of the malicious domains of security software that surfaced on Cleveland.com against the Safe-browsing database of Google suggests they are already labeled as unsafe.

Security experts state that among the many US websites where malware campaigns have been launched, Cleveland.com is one. Also, the US is one of the worst countries that harbor the most malware-infested websites.

Related article: PM’s Official Web Site Targeted By Hackers

» SPAMfighter News - 2/27/2009