Did You Know?



Community Leader
Jasper_The_Rasper
Posts: 1,062
Registered: ‎06-12-2013

What a fake antivirus attack on a trusted website looks like

Video shows how drive-by attacks turn healthy paranoia against their victims.

 

Fake Antivirus attack

Malware that masquerades as legitimate antivirus programs is one of the more insidious threats to plague people browsing websites. In many cases, attackers rely on simple text and graphics to trick visitors into thinking they're on the verge of a successful drive-by attack and deliver the warning under the guise of a trusted security application. People who fall for the ruse by following the advice presented in the advisory end up infecting themselves.

A recently captured video of one of these attacks in progress demonstrates why they continue to work—at least on less-experienced users who, despite their lack of savvy, know enough to be wary of online attacks. Shortly after visiting a legitimate site, the computer presents a window carrying the name of a well-known security application, in this case Microsoft Security Essentials. The window provides a plausible warning and recommends the user take immediate action to head off imminent infection. The video was shot by researchers from security firm Invincea as they browsed to the main page of Dailymotion.com.

As convincing as the attacks are to some, the video makes clear that these scams aren't usually hard to spot by people with a small amount of training. Malware warnings, for instance, should never require a user to install an executable file, as the warning in the video does. Legitimate malware warnings will also never be delivered in a browser window and should be generated only by anti-malware programs already installed. When in doubt, users who receive malware warnings should close the browser altogether and see if the pop-up window persists. Opening an antivirus program from the Windows start menu and running a scan from there is also a good move.

The advice will likely strike some readers as obvious. But for the Aunt Mildreds and Uncle Ernests of the world who are still new to the Internet—or possibly a more seasoned Internet user who is in a rush—the Invincea video may be useful.

 

Full Topic and video

TripleHelix
Posts: 5,340
Topics: 400
Kudos: 3,240
Ideas: 5
Registered: ‎02-03-2012

Re: What a fake antivirus attack on a trusted website looks like

Thanks Jeff, and the ones that use WSA would know to see it, as we wouldn't have Microsoft Security Essentials turned on or even have it installed.

 

Daniel :smileywink:



Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


Microsoft® MVP Consumer Security


Community Guide
CommanderShran
Posts: 257
Registered: ‎11-11-2013

Re: What a fake antivirus attack on a trusted website looks like

Ouch! I actually visited Dailymotion on my tablet a few days ago. Were the attacks (the article said there were 2) social engineering or were there any drive-bys?

Thanks,
Shran :smileytongue:



Installation one: Windows 8.1 Pro. Installations two and three: Windows 7 Ultimate. Webroot SecureAnywhere Complete beta tester.

Community Leader
Jasper_The_Rasper
Posts: 1,062
Registered: ‎06-12-2013

Re: What a fake antivirus attack on a trusted website looks like

Here you are, @CommanderShran. This is what I have found; the relevant part is in bold. I hope it is what you are looking for.

 

Malicious Ads on DailyMotion Redirect to Fake AV Attack

 

Video-sharing site DailyMotion, one of the most popular destinations on the Web, is in the throes of an attack where it is serving malicious ads redirecting users to a fake AV scam.

Security firm Invincea reported the issue to the website, and as of 4 p.m. ET, DailyMotion was still serving the fake AV malware.

This is the second malvertising attack reported this week. Earlier, Yahoo sites in Europe were serving ads that dropped an iframe sending users to domains hosting the Magnitude exploit kit, which then seeded victims with a host of financial malware.

DailyMotion attracts 17 million monthly visitors and is the 95th-ranked website according to Alexa.

Invincea said that the malicious ads redirect to a third-party domain in Poland called webantivirusprorh[.]pl (93[.]115[.]82[.]246). According to VirusTotal, 10 of 47 antivirus products detect the threat; most detect it as a variant of the Graftor Trojan. The initial redirect, Invincea said, is loaded via engine[.]adzerk[.]net.

When the user lands on the DailyMotion home page, an invisible iframe redirects to the scam which warns the user of a critical process that must be cleaned to prevent system damage. The victim is then presented with a dialog box that offers to clean the computer of the problem. If the user agrees, they’re asked to run a file which is the malicious executable.

 

Full Article
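
The delivery path described in the article above (an ad slot placing an invisible iframe that points at a third-party domain) can be checked for in a saved copy of a page. This is an added example, not part of the original post or Invincea's tooling; the function names, the two-label "site" heuristic, and the sample markup and domains are all constructed for illustration:

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline-style patterns that hide a frame from the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?:left|top)\s*:\s*-\d{3,}", re.I)

def site(host):
    # Crude site key: last two DNS labels (assumption; use the Public Suffix List in real tooling).
    return ".".join(host.lower().split(".")[-2:])

class HiddenFrameFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_site = site(urlparse(page_url).hostname or "")
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        if not host or site(host) == self.page_site:
            return  # same-site frames are out of scope for this check
        tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
        if tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
            self.findings.append(host)

def find_hidden_cross_site_iframes(html, page_url):
    finder = HiddenFrameFinder(page_url)
    finder.feed(html)
    return finder.findings  # hosts of invisible third-party frames, in page order

# Constructed sample page; every domain here is a placeholder.
SAMPLE = """
<iframe src="/embed/player" width="640" height="360"></iframe>
<iframe src="https://cdn.video.example/promo" style="display:none"></iframe>
<iframe src="https://ads.adnetwork.example/slot" width="300" height="250"></iframe>
<iframe src="http://fake-scanner.invalid/scan" width="0" height="0"></iframe>
<iframe src="//tracker.example/r" style="position:absolute; left:-9999px"></iframe>
"""

if __name__ == "__main__":
    print(find_hidden_cross_site_iframes(SAMPLE, "https://video.example/"))
```

A visible third-party ad frame and a hidden same-site frame are both left alone; only frames that are both invisible and cross-site are reported, which is the combination the article describes.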

New Voice
dogfish
Posts: 5
Registered: ‎02-09-2014

Re: What a fake antivirus attack on a trusted website looks like

That is the one, Jasper!
