Twilight Eclipse Search Results Lead to Rogue AVs

    In today’s internet era it seems that whenever the latest hot topic appears, there’s always corresponding malware or a rogue antivirus threat lurking behind it. Cybercriminals are quick to grab every opportunity they can find to infect their next victim. Previously, visiting porn sites was the main way that your computer might commonly get infected. These days malware creators don’t limit themselves to porn sites, they’re also using other techniques to connect these threats to wherever internet users search for interesting news on the latest natural disaster, sports events or other hot topic.

     As the release date of the third installment of the popular Twilight saga draws near, it is becoming increasingly interesting to malware writers. Last June 18th, the PC Tools Malware Research Centre found a variant of Rogue AV exploiting topics such as the release date, ticket release dates and soundtrack of this movie. As with the previous installment, the upcoming Twilight Eclipse movie is no exception to the latest technique of SEO-poisoning.

Sample Search results

     Internet users searching for news about the new Twilight movie may stumble upon search results like these – and clicking one of the highlighted results will redirect you to a fake antivirus site.

Sample Redirection

     Once users click on the malicious search result, they are redirected to a rogue antivirus site where a fake alert will pop up. This incorrectly informs the victim that their computer has been infected with malware and in what appears to look like a genuine Windows security alert, offers next steps for the user. The following are examples of how these appear:

     When the user decides to proceed by accepting the ‘protection’ which is on offer, the download, installation and execution of the rogue antivirus comes next.

     Internet users are encouraged to be vigilant when visiting sites that appear in internet searches for popular news topics, even when they come from a known source.

     PC Tools Spyware Doctor with AntiVirus coupled with PC Tools Browser Defender technology detects and blocks this malware and alerts users to websites hosting web threats that are using the technique mentioned above. It is recommended that users make sure their software is up-to-date by using Smart Updates, and that Behavior Guard is enabled to help ensure they are fully-protected against both current and new or unknown web threats.

This entry was posted in Malware Alerts. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>