Search engine results poisoned with links to scareware

Jul 24, 2009 08:41 GMT

Security researchers warn that the recent total solar eclipse has been used by cybercrooks as an opportunity to infect unwary users with rogueware. People searching for the keywords “solar eclipse 2009 in America” are most likely to stumble over malicious pages.

The total solar eclipse that took place this Wednesday, July 22, was the longest of the 21st century and will be surpassed only in June 2132. At the same time, it will probably remain the most watched one as well, because it appeared across Southeast Asia, including China and India, the world's biggest countries in terms of population.

The event attracted massive tourist interest in the region and, as expected, also generated a fair amount of Internet search traffic. The problem, however, is that cybercriminals watch search engine trends and don't miss the opportunity to take advantage of occurrences such as this one.

Security researchers from antivirus vendor Trend Micro warn that this solar eclipse was no different in that respect. “Cybercriminals wasted no time in riding on the said phenomenon as they use SEO poisoning to lead users into redirecting to a site peddling rogue antivirus software (FAKEAV),” Roland Dela Paz, threat response engineer at Trend, advised.

Most of the bogus results are returned for search strings that contain “solar eclipse,” “2009” and “America” together. This eclipse could not be observed from the U.S., but there are likely a considerable number of people who were not aware of this fact, or who were looking for future eclipses that might be watchable from the States.

When a user visits one of the malicious links displayed in the search results, a JavaScript alert warns that the computer might be infected and recommends a scan. Choosing to scan the computer displays a fake scanning process inside the browser window, which, when finished, claims that fictitious infections have been found.

Visitors who choose to repair these false problems are asked to acquire a useless license for a program called “Windows Web Security.” Obviously, this application, which is detected as HTML_FAKEAV.FT by Trend Micro products, has nothing to do with security; its only purpose is to generate illegal income for the cybercrooks, who prey on novice users.