Pacquiao-Margarito Fight KOs users with Fake AV

by

November 13, 2011, Saturday – The world will once again witness two of world boxing’s greatest fighters trading punches in the ring to see who’s the toughest and who will be win the WBC Super Welterweight World Title.  For those of you who are not boxing aficionados, more info about Pacquiao (winner of 8 major world titles and named as the Fighter of the Decade for years 2000-2009 by the Boxing Writers Association of America) is available here

Peddlers of Fake AV once again see this as a good opportunity to infect computers over the internet via Search Engine Optimization (SEO) poisoning attacks.  The infection delivers fake system alerts designed to fool users into buying fake antivirus products (providing a neat source of income to Fake AV gangs).

Searching for the keywords “Pacquiao-Margarito Fight” on Google gives the following results:

The link redirects differently depending on the Web browser type as well as operating system.  If you’re using a web browser other than Internet Explorer or Firefox for Windows then you’ll be redirected to the site “hxxp://adobefeatures .CC” which shows the fake Adobe Flash Player update seen below:

Clicking any button will result in the page insisting you download and install the fake Flash Player update named “v11_flash_AV.exe”. This malicious file is detected by Commtouch’s Command Antivirus as W32/FakeAV.BAU.

Users of Firefox will be redirected to the site “hxxp://lazyfirefox .CC” which is temporarily unavailable as of this writing.

Users of Internet Explorer will be redirected to pages with fake system messages such as these:

Clicking any button will still take users to fake scanning pages – a common method used by fake antivirus to force users to download and execute various malicious files.  Fake scan results are shown below:

The Command antivirus detects the downloaded file “inst.exe” as W32/FakeAV.BAV

Lastly, I will add that MAC or LINUX users are lucky since they only get redirected to the site “feeds.feedburner.com/goodnewspic” which has no malicious content.

Enjoy the fight!

Go back