
Users Infected With Scareware Via Icq Malvertizing

Discussion in 'Security Updates' started by starbuck, Jan 26, 2011.

    Scareware distributors have managed to push rogue antivirus advertisements onto the ICQ network by posing as a known clothing retailer.

    According to Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab, the security vendor began receiving numerous reports of infections with a piece of scareware called Antivirus 8 recently.

    Upon investigating the problem, Kaspersky's researchers realized that fake antivirus popups were being displayed on people's desktops even when they were not using their browsers.

    The rogue ads were tracked down to running instances of the ICQ instant messaging application which has its own internal advertising mechanism.

    When investigating the ICQ advertisements, experts found that one of them was loaded from [censored]charlotterusse.eu, a domain name that, at first glance, seems to be related to clothing retailer Charlotte Russe.

    The use of a known brand name in their malvertizing campaign helped scareware distributors in several ways.

    First, it allowed them to get their malicious ads onto the ICQ network and, second, to make it seem as if Charlotte Russe's own server was compromised if the scheme was discovered.

    "By making it look like their server got compromised, the criminals can claim it isn't them who's responsible for distributing the malware. But rather someone else who hacked their server to spread malware.

    "The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines," Mr. Schouwenberg explains.

    The practice of posing as legit advertisers in order to push malicious popups via ad networks is common. In December last year, we reported about an attack where cyber criminals managed to get malicious ads onto Google-owned DoubleClick and MSN.

    People are advised to always run an up-to-date antivirus program on their computer and ignore alerts about infections if they don't originate from it.



    Source:
    http://news.softpedia.com/news/Users-Infected-with-Scareware-via-ICQ-Malvertizing-180516.shtml
     
    Last edited by a moderator: Feb 4, 2014
