Tag Archives: fake antivirus

Fakealerts Invade Google Image Search Results for ’24′ Star

Posted on by

By Andrew Brandt

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

Searchers beware: Those photos of celebrities or funny cat pictures that turn up in your Google image search results might not be photos at all, but fake antivirus alerts. Evidence appears to indicate that a similar scam to one we blogged about last November may be working its way up the Google food chain into other forms of search results.

While searching for photos of Annie Wersching, an actress who recently joined the cast of the TV show 24, we stumbled into one of these javascript-enabled fakealert browser traps. Oddly enough, when you click one of these bogus linked pictures in the Image Search results frame, the original Google search frame remains at the top of the page. The fakealert runs in the lower part of the page, closing the Google search pane but retaining the Google URL in the browser’s Address Bar.

Throughout the day we’ve been looking for links such as these; Each malicious URL we found funnels the browser into the same fakealert, which itself leads to the same rogue antivirus product. Each time we revisited the site, we ended up with what was essentially the same equally nasty rogue antivirus application, sometimes in a different skin, sometimes with a different name. Early in the day we were pulling down something called Total Security. By the afternoon, the tool’s name had morphed to become Security Tool.

The rogue’s behavior on an infected system is obnoxious in the extreme. It hides the desktop by covering everything over with its own wallpaper, and blocks your ability to right-click the desktop, so it’s more difficult to revert the desktop’s appearance by changing your Display Properties settings. It also disables the scroll wheel on the mouse, then blames that behavior on a massive infection it claims has taken over your PC. It prohibits most Internet-capable applications, or even tools like the Task Manager, from running, in the guise of its “firewall” component. Of course, it’s all smoke and mirrors, an attempt to convince you to spend from $50 to $90 on completely ineffective, utterly useless former-Soviet snake oil.

Continue reading

Postmortem Michael Jackson Track Dredges Rogues

Posted on by

By Andrew Brandt

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

20091012_jacksonAs we’ve discussed so many times in the past, search terms that include the names of celebrities make good targets for malware authors, and search terms that include the name of dead celebrities make great targets for malware authors. Now there’s a new corollary to this postulate: Search terms that include the names of dead celebrities who release new material make fantastic targets for the bottom-feeders of the malware-distribution world.

So, as you’re out there searching for the brand new Michael Jackson track, please be aware that the bad guys are using this opportunity to foist malware onto your machine. The screenshot at left is just one example of what you’ll see when you accidentally click a search result link pointing to a malicious page. The “video” pops up a warning that tells you to download and run the “movie_hd_plugin_update.40014.exe” in order to see…I don’t know, something interesting? Probably more interesting than you would like. I think by now we should all burn into our memories this precise screenshot, with its misspelled “Raiting 8/10” text near the bottom, as an obvious fake that has been repeatedly employed by distributors of rogue security products. Beware!