September 24, 2009, 7:16 AM — Hackers whose goal it is to spread FAKEAV malware are finding new and different ways to help it infect as many Web users as possible.
FAKEAV, which installs itself on users’ PCs by splashing a screen saying their PCs are infected with a virus and coercing users to click (or not, in some cases), has become widespread because the hackers leveraging it are using search-engine optimization strategies to find the most-read pages on the Internet in which to embed links to the malware.
Now, according to a post on Trend Micro’s blog, hackers are burying FAKEAV behind bogus sponsored links that show up on Microsoft’s Bing and the AltaVista search engine, as well as others.
When users search on the string `malwarebytes,’ looking for the free antivirus product, a sponsored link comes up that points to an executable file named MalwareRemovalBot.exe-1, which Trend Micro discovered in TROJ_FAKEAV.DMZ.
Once executed, users get the now-familiar screen saying that their system is infected with files that don’t actually exist. And the fun begins.
Do you tweet? Follow me on Twitter here.
