Trend Micro Detects New Malware FAKEAV JS_AGENT.AOEQ

Trend Micro, an Internet security company, has forecasted during early 2010 that malware purveyors and other cyber criminals would devise more blatant and stubborn campaigns to deceive individuals and organizations to hand over their money during 2010.

The forecast appears to be proving true as new fake antivirus programs have been detected. According to TrendLabs (Trend Micro's support center), distributors of malicious programs are contaminating genuine websites with destructive JavaScript, as reported by Tradearabia on January 25, 2010.

Based on an analysis by TrendLabs, the JavaScript is a malware identified as JS_AGENT.AOEQ. After execution, this malware utilizes a defer attribute that helps it to postpone launching its regular - diverting the user to a number of malevolent websites. The purpose is to make users unsuspicious of an infection being done.

In case a user goes to a malware-ridden website, his system is hijacked and the destructive JavaScript exhibits a bogus warning that malware has infected the system. This bogus alert is to lure the user to purchase a 'Security Tool,' which is actually a fake AV so that he can apparently remove the infection. Consequently, users hand over their credit card or financial particulars to the crooks whose original aim is to acquire those details.

Nick Black, Technical Manager of Trend Micro (Mediterranean Middle East and Africa) said that modern cyber criminals were creating new malicious programs and techniques with the aim to frighten Internet users to purchase bogus items and hand over their financial and other personal data, as reported by Tradearabia on January 25, 2010.

Black further said that the use of Internet across the Middle East was growing. Consequently, people there were being increasingly exposed to malware distributors' attacks.

The Trend Micro specialists point out that during 2009 alone, over 50 attacks related to FAKEAV were reported. Thus, it is evident that FAKEAV trading has escalated and cyber criminals have the potential to exploit it further.

However, to avoid FAKEAV-related attacks, Trend Micro suggests that users should block all domains, which are related to such malicious attacks. Furthermore, they should deploy up-to-date security software, while web-administrators should reset their File Transfer Protocol credentials.

Related article: Trend Micro Detects Spam Mail Declaring World War III

» SPAMfighter News - 2/1/2010