Eight years ago, on this same day, the entire world was about to witness in shock one of the most deadly terrorist attacks in history – the September 11 attacks on the United States. Security researchers warn that online criminal groups have already made a move to capitalize on people's interest in this important remembrance day.
As it became common practice in recent times, this cyber-attack is carried out by means of black hat search engine optimization (BHSEO) techniques. This method involves poisoning search results with malicious links by artificially inflating a Web page's rank in search engines.
"Users searching for any reports related to September 11 may find themselves stacked with Google search results that lead to a rogue AV malware detected by Trend Micro as TROJ_FAKEAV.BOH," Jessa De La Torre, threat response engineer at Trend, warns, adding that "TROJ_FAKEAV.BOH may arrive on the system as Scanner-7c545a_2031.exe."
Fake antivirus software, also known as scareware or rogueware, apply scare tactics in order to trick victims into paying for a useless license. In general, some sort of warning or alert will be displayed to the user falsely claiming that multiple threats have been detected on their system. The rogue programs then claim that a license must be acquired in order for them to clean the bogus infections.
From the screenshot of poisoned search results provided by Trend, it looks that the criminals behind this campaign have hijacked a flurry of keywords and text from legit sources. The results leading to malicious websites appear to be offering a wide range of information related to the September 11 attacks from rare footage, images and media coverage from 2001 to articles regarding new memorial monuments.
"The people behind FAKEAV still show no sign of slowing down. With the holiday season coming up, users are also advised to refrain from visiting unknown sites returned in Search Engine results and rely on reputable news agencies instead," the Trend Micro researchers advise.