Cyber-crooks use Cory death to spread malware


Posted at Aug 05 2009 04:03 PM | Updated as of Aug 06 2009 12:03 AM

MANILA - Days after former Philippine president Corazon Aquino's death, cybercriminals are capitalizing on the surge in online searches for news about Aquino by leading them to sites that download malicious software.
Internet security firm Trend Micro said cybercriminals are using popular and high interest events to further spread a Trojan program identified as TROJ_FAKEALRT.FK. The Trojan arrives as a file dropped by other malware and may be downloaded unknowingly by a user when visiting malicious Web sites.

Trend Micro threat analyst Joseph Pacamarra said searching for details on Aquino's death with the words “corazon aquino’s death” led users to the following malicious sites:

    * https://{BLOCKED}
    * https://{BLOCKED}
    * https://{BLOCKED}rank.0adz/corazon-aquino-death.html
    * https://{BLOCKED}

Clicking on any of the links would lead one to the same Web page, which is hosted on different domains possibly to avoid detection. The redirections from the links eventually lead to a download of a fake antivirus program that contains the Trojan.

Trend Micro said cybercriminals have often latched on to high profile searches to entice unwitting Web users to download the fake antivirus program. It said cybercriminals capitalized on news about Farrah Fawcett's death, the A (H1N1) pandemic and the recent solar eclipse to lure Internet users to visit malicious sites.