In recent days, our Honeypot has collected some new variants of FakeAV, the malware impersonating antivirus programs. After monitoring and analyzing these variants, we have discovered a brand new scenario employed by hackers to spread this kind of malware.

Hackers have abused many forums and Q&A sites, most of them part of the Yahoo! Answers system (answers.yahoo.com), to spread malicious code:

Figure 1: One of the fraudulent answers in Yahoo! Answers

The fraudulent answers are often in the following forms:

“Anyway, I think this will help you http://answers-yahoo-z.tk”

“You might find the answer here http://answers-yahoo-z.tk”

Or

“Try this http://answers-yahoo-z.tk”

Such answers entice users to visit fraudulent websites posing as Yahoo! Answers.

Figure 2: The interface of the fake website (top image) and the real Yahoo! Answers (bottom image)

You are asked to download a file which is said to contain the answer (in fact, it is a FakeAV downloader):

Figure 3: FakeAV - Security Shield

In addition to Yahoo! Answers, hackers also take advantage of many other Q&A sites for their malware-spreading campaign.

Figure 4: Many questions are taken advantage of to spread malware

In such cases, be cautious of answers that point to another link, so as not to be deceived by the bad guys.
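The caution above can be partly automated on the moderation side. The following is an added example, not code from the original post: it extracts links from an answer and flags hosts that borrow the brand name without belonging to the genuine domain. The names `LEGIT_DOMAIN`, `BRAND_TOKEN` and the sample answers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

LEGIT_DOMAIN = "yahoo.com"   # assumption: the only genuine registrable domain
BRAND_TOKEN = "yahoo"        # assumption: token a lookalike host borrows
# Stop at whitespace, angle brackets and straight or curly quotes.
URL_RE = re.compile(r"https?://[^\s<>\"'\u201c\u201d]+", re.IGNORECASE)

def host_of(url):
    """Return the lower-cased host of a URL, or '' if it cannot be parsed."""
    try:
        host = urlsplit(url.rstrip(".,;:!?)")).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".")

def is_lookalike(host):
    """True when the host carries the brand token but is not under LEGIT_DOMAIN."""
    genuine = host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)
    return bool(host) and not genuine and BRAND_TOKEN in host

def suspicious_hosts(answer_text):
    """Hosts linked from an answer that imitate the brand, in order, de-duplicated."""
    hits = []
    for url in URL_RE.findall(answer_text):
        host = host_of(url)
        if is_lookalike(host) and host not in hits:
            hits.append(host)
    return hits

# Constructed sample answers; the first uses the lure wording quoted in the post.
SAMPLES = [
    "\u201cAnyway, I think this will help you http://answers-yahoo-z.tk\u201d",
    "It was asked before: http://answers.yahoo.com/question/index",
    "Try this http://answers.yahoo.com.files.example.tk/answer",
    "The vendor manual is at https://example.org/manual.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(suspicious_hosts(text) or "ok", "<-", text)
```

Matching on a single brand token is a triage heuristic: hits are candidates for moderator review, and hosts that imitate the brand without containing the token are not caught.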

Trieu Minh Tuan

Malware researcher
