John Bambenek over at the Handler’s diary posted on this morning’s shameless SEO attempts to redirect news seekers to exploit pages. The end result on a successfully compromised system is a download of FakeAv (or “scareware”). Currently, its name is presented as “Personal Antivirus”:

The ThreatFire community is safe from pav.exe, and there have been a number of triggers on various versions of the file early this morning. Detection by the major AV vendors is very low to non-existent for the current variants.

Surprisingly, the Waledac and Zbot groups have been quiet on this news story so far. We’ll monitor the situation closely.

This entry was posted on Friday, July 17th, 2009 at 12:32 pm and is filed under Exploit, FakeAlert, Rogueware, Social Engineering. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.