As people look for information or video online, it’s important that they understand that cybercriminals may be using this opportunity to find more victims. This is just another example of how cybercriminals capitalize on global events or major news stories with wide consumer interest, which are lucrative markets for them. Other recent examples are Swine Flu and the release of Harry Potter and the Half Blood Prince.
The longest solar eclipse in the last century occurred in July 2009 across Asia, attracting a significant amount of media, user and therefore cybercriminal interest.
Feeding off the intense interest, innocent users have been attacked as they view search results about the eclipse.
In one example, on the 21st of July 2009, searching ‘solar eclipse 2009 time’ yielded search results that led to the download of a fake Antivirus program.
When the user clicked on the link in Google, they were redirected to http://[....]ever.cn/go.php?id=2010-10&key=b8c7c33ca&p=1, which in turn redirected them to http://[....]scannerv2.com/1/?id=2010-10&query=b387f2133&q=%3, the fake Antivirus page.
After two days, the malicious domain is still in the top 10 of Google search results; luckily the domain it redirects to is no longer available.
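The chain above has a recognisable shape in web proxy logs: a click from a search engine hits a first-hop URL that immediately redirects to a different host while carrying the same `id` value along. The following detection sketch is an added example, not part of the original post; the log record layout, the host names `hop1.example` and `hop2.example`, the other sample values and the search-engine list are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed proxy records: (client, url, referer, status, Location header).
SAMPLE_LOG = [
    ("10.0.0.5", "http://hop1.example/go.php?id=2010-10&key=aaa111&p=1",
     "http://www.google.com/search?q=solar+eclipse+2009+time", 302,
     "http://hop2.example/1/?id=2010-10&query=bbb222"),
    ("10.0.0.5", "http://hop2.example/1/?id=2010-10&query=bbb222", "", 200, ""),
    ("10.0.0.9", "http://news.example/eclipse?id=77",
     "http://www.google.com/search?q=solar+eclipse", 200, ""),
    ("10.0.0.7", "http://shop.example/login?id=5", "http://shop.example/", 302,
     "http://shop.example/home?id=5"),
]

SEARCH_HOSTS = ("google.", "bing.", "yahoo.")  # assumed list, extend as needed


def host(url):
    return (urlsplit(url).hostname or "").lower()


def params(url):
    """Query string as a set of (name, value) pairs."""
    query = parse_qs(urlsplit(url).query)
    return {(k, v) for k, values in query.items() for v in values}


def from_search(referer):
    h = host(referer)
    return any(h.startswith(s) or "." + s in h for s in SEARCH_HOSTS)


def find_redirect_chains(records):
    """Flag search-referred requests that 3xx to another host with shared params."""
    hits = []
    for client, url, referer, status, location in records:
        if not (300 <= status < 400 and location and from_search(referer)):
            continue
        if host(location) == host(url):  # same-host redirects are normal
            continue
        carried = params(url) & params(location)
        if carried:  # a tracking value such as id= survives the hop
            hits.append({"client": client, "first_hop": host(url),
                         "landing": host(location), "carried": sorted(carried)})
    return hits


if __name__ == "__main__":
    for hit in find_redirect_chains(SAMPLE_LOG):
        print(hit)
```

Comparing full host names rather than registered domains is a simplification; a production rule would also allow-list known link shorteners and ad redirectors to keep the false-positive rate down.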
In a second example, the same search query shown below produces a result which, when selected, displays an image. The image appears to be a movie ready to be played. However, clicking on this image initiates the download of the malicious Trojan.FakeAlert.
Details of Trojan.FakeAlert
PC Tools Threat Expert analysed the downloaded file as follows:
Trojan.FakeAlert will hijack the desktop background with an image alerting the user that their computer system has been infected with spyware. It also changes some Windows® settings, including disabling the user's permission to change the background image and setting the active desktop to ‘show web content’. It is usually installed in conjunction with a rogue anti-spyware application.