In recent days, our honeypot has collected some new variants of FakeAV, malware that impersonates antivirus programs. After monitoring and analyzing these variants, we have discovered a brand new scenario employed by hackers to spread this kind of malware.

Hackers have taken advantage of many forums as well as Q&A sites, most of which belong to the Yahoo! Answers system, to spread malicious code:

Figure 1: One of the fraudulent answers in Yahoo! Answers

The fraudulent answers are often in the following forms:

“Anyway, I think this will help you”

“You might find the answer here”

“Try this”

Such answers entice users to visit fraudulent websites posing as Yahoo! Answers.

Figure 2: The interface of the fake website (top image) and the real Yahoo! Answers (bottom image)

You are asked to download a file which is said to contain the answer (in fact, it is a FakeAV downloader):

Figure 3: FakeAV - Security Shield

In addition to Yahoo! Answers, hackers also take advantage of many other Q&A sites for their malware spreading campaign.


Figure 4: Many questions are taken advantage of to spread malware

In such cases, you should be cautious of any answer that points to another link, so as not to be deceived by the bad guys.

Trieu Minh Tuan

Malware researcher
