Search on Astronomical Events May Trigger Malicious Attack

Security experts at Trend Micro revealed that the longest 'total solar eclipse' of the century on July 22, 2009, covering several parts of Asia, not only fascinated millions of enthusiasts, including astrophysicists, astronomists and physists, but also grabbed the attention of millions of cybercriminals from around the world, as per the news published by blog.trendmicro.com on July 23, 2009.

Trend Micro's security experts marked that apparently no time was wasted by cybercriminals on capitalizing on this spectacular natural phenomenon. They made use of Search Engine Optimization (SEO) technique for redirecting innocent users to a website that peddles fake antivirus applications.

Joey Costoya, Senior Threat Researcher and the discoverer of the aforementioned malicious attack, stated that when netizens run queries about the phrase "solar eclipse 2009 in America" on leading search engines, some of the top placed websites would forward users to a malicious website bearing the domain name "antispyware-scannerv3", which hosted FAKEAV. This particular variant of fake antivirus has been identified as HTML_FAKEAV.FT by Trend Micro.

Explaining about HTML_FAKEAV.FT, Trend Micro stated that it is a malicious HTML code that is hosted on a rogue site. When executed, it shows fake alerts warning users of malicious infection. Also, it displays phony scanning results for the infected system.

The fake pop-ups, in turn, prompt users for downloading rogue antivirus software. Trend Micro has detected the downloaded file as TROJ_FAKEAV.FT. As a result of this malicious download, the affected PC regularly exhibits malicious routines of the rogue file.

In addition to this, security experts noted that the phrase "solar eclipse 2009 in America" might be confusing initially to a vigilant researcher as the longest solar eclipse of the 21st century was not at all visible in North America. An alert physicist or astrophysicist would know of the eclipse trajectory that was over India and China, and hence would not fall into the trap of cybercriminals. Although, an enthusiast might would easily fall for the trick.

The security firm revealed that this is certainly not the first instance when an astronomical event has been abused by cybercriminals to satisfy their malicious intentions. Lunar eclipse in February 2008 was used to circulate a Trojan that disguised in the form of an image of that astronomical event, recalled the firm.

Related article: Surge in Spam attack

» SPAMfighter News - 8/5/2009