Authentium Virus Blog

The Fake AV Gang is now taking advantage of the recent disasters in the Philippines. The Philippines has been hit with Typhoon Ketsana (Ondoy) followed by the Typhoon Parma (Pepeng), which has brought serious flooding in the Philippines. Searching for the key words “philippines-flood-2009� on Google and Yahoo Search Engine gives the following results:

Clicking the link will redirect the user to a fake alert message, just like one of the following:

Users will not be able to close these messages, clicking the OK, Cancel or “X� Button will still go to a fake malware scanning page that will eventually report fake infections, and downloads the binary files as shown below:

We detect the files downloaded from the aforementioned malicious links as W32/FakeAV.NJ and W32/FakeAV.NK.  The downloaded files will install Rouge Anti-Malware Products.

As a reminder, don’t run files downloaded from untrusted source.

This entry was posted on Tuesday, October 6th, 2009 at 11:14 am and is filed under Interesting Virus Activity, Potentially Unwanted Applications, This and That. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.