Rogue AV Brings Bad News about Libya and Earthquakes

Watch out what you're clicking on while searching for news

When it comes to planting malware, the creativity of cyber-crooks seems to be endless. Apocalyptic news headlines, a lure already heavily exploited by the Storm Worm gang, are now crawling their way into the rogue antivirus market.

If you’ve been looking for information about the current situation in Libya, you may have stumbled upon a piece of “news” claiming that “Security forces open fire on protesters in Syria, killing at least 20 people. NATO takes command of the no-fly zone in Libya.” The headline itself is legitimate, but it has spawned thousands of pages optimized through black-hat SEO techniques whose only purpose is to push Rogue Antivirus apps.

Spotted earlier this month, the rogue AV involved in the attack is a spoofed version of a well-known legitimate antivirus. The infection vector is much the same as what we’ve seen up until now: a poisoned search result leads the user to a subdomain registered with the free domain provider co.cc. At the other end of the connection, a script inspects the HTTP Referer header to see whether the visitor arrived from a search engine result page. If so, the visitor is redirected to a fake online scanner; if not, they are redirected to google.com. This cloaking also means that opening the poisoned URL directly (as a curious user, a crawler or an analyst without a search-engine referrer would) shows nothing malicious at all, which is exactly what the attackers intend.

Rogue Antivirus trying to impersonate a legit antivirus solution.

This malware campaign has also been spotted on microblogging social networks where the malicious links have been concealed using short URLs. 
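The referrer-based cloaking described above, and the short URLs mentioned in connection with microblogging sites, can both be examined without visiting the final landing page. The following Python script is an added example and is not code from the original post or from Bitdefender: `cloaking_gate()` is an illustrative reconstruction of the redirector logic the post describes (the real co.cc script was not published, so its exact behaviour is an assumption), and `probe_cloaking()` is the analyst-side check that requests a URL twice, once claiming a search-engine referrer and once with none, and reports whether the two requests are sent to different places. The fetcher is injectable so the probe can be exercised offline against a stub; the default fetcher uses urllib and deliberately does not follow redirects. All hostnames and URLs in the code are made up.

```python
"""Added example: probe a landing page for Referer-based cloaking.

Not part of the original Bitdefender post. The gate function is a
reconstruction of the behaviour the post describes, for illustration only.
"""
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple
from urllib.parse import urlparse

# Host fragments that identify a search engine result page (assumption:
# the attacker's list is unknown; these are the common ones).
SEARCH_ENGINE_HOSTS = ("google.", "bing.com", "yahoo.", "ask.com")

# A fetch returns (HTTP status, value of the Location header or None).
Fetcher = Callable[[str, Optional[str]], Tuple[int, Optional[str]]]


def is_search_referrer(referer: Optional[str]) -> bool:
    """True if the Referer header points at a search engine."""
    if not referer:
        return False
    host = urlparse(referer).netloc.lower()
    return any(marker in host for marker in SEARCH_ENGINE_HOSTS)


def cloaking_gate(referer: Optional[str], scanner_url: str) -> str:
    """Illustrative reconstruction of the attacker's redirector: visitors
    coming from a search result get the fake scanner, everyone else is
    bounced to google.com so the page looks harmless when opened directly."""
    return scanner_url if is_search_referrer(referer) else "http://www.google.com/"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects; we only want the Location header."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_location(url: str, referer: Optional[str]) -> Tuple[int, Optional[str]]:
    """Default fetcher: one request, redirects not followed, target not visited."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx ends up here because we refused to follow
        return err.code, err.headers.get("Location")


def probe_cloaking(url: str, fetch: Fetcher = fetch_location) -> dict:
    """Request the URL as a search-engine visitor and as a direct visitor and
    compare where each is sent. Different targets mean the page is cloaked."""
    as_searcher = fetch(url, "http://www.google.com/search?q=libya+no-fly+zone")
    direct = fetch(url, None)
    return {
        "search_referer": as_searcher,
        "no_referer": direct,
        "cloaked": as_searcher[1] != direct[1],
    }


if __name__ == "__main__":
    # Offline demo with a stub that behaves like the described redirector.
    def stub(url: str, referer: Optional[str]) -> Tuple[int, Optional[str]]:
        return 302, cloaking_gate(referer, "http://scanner.example/scan.php")

    print(probe_cloaking("http://libya-news.example.co.cc/index.php", stub))
```

Because `fetch_location()` never follows the redirect, the same function also expands a shortened link from a tweet without landing on the target: `fetch_location("http://short.example/abc", None)` returns the `Location` the shortener hands out, which can then be fed to `probe_cloaking()`. When probing live infrastructure, do it from an isolated analysis host, not a workstation.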

In order to stay safe, we recommend that you pay extra attention to the links you click. If you have BitDefender Internet Security, BitDefender Total Security or BitDefender TrafficLight installed on your computer, search results are analyzed and, if malware is found, they are marked as harmful. Also, be careful when downloading applications: since this rogue AV deliberately imitates a well-known product, never install an "antivirus" offered by a web page you landed on. If you need one, type your favorite vendor's address into the browser yourself or check out the performance reviews offered by independent testers.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.