John Bambenek over at the Handler’s Diary posted on this morning’s shameless SEO attempts to redirect news seekers to exploit pages. The end result on a successfully compromised system is a download of FakeAV (or “scareware”). Currently, its name is presented as “Personal Antivirus”:
The ThreatFire community is safe from pav.exe, and there have been a number of triggers on various versions of the file early this morning. Detection by the major AV vendors is very low to non-existent for the current variants.
Surprisingly, the Waledac and Zbot groups have been quiet on this news story so far. We’ll monitor the situation closely.