Jan 25, 2011 16:21 GMT

Scareware distributors have managed to push rogue antivirus advertisements onto the ICQ network by posing as a known clothing retailer.

According to Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab, the security vendor recently began receiving numerous reports of infections with a piece of scareware called Antivirus 8.

Upon investigating the problem, Kaspersky's researchers realized that fake antivirus popups were being displayed on people's desktops even when they were not using their browsers.

The rogue ads were tracked down to running instances of the ICQ instant messaging application, which has its own internal advertising mechanism.

When investigating the ICQ advertisements, experts found that one of them was loaded from [censored]charlotterusse.eu, a domain name that, at first glance, seems to be related to clothing retailer Charlotte Russe.

The use of a known brand name in their malvertising campaign helped the scareware distributors in two ways.

First, it allowed them to get their malicious ads onto the ICQ network. Second, if the scheme was discovered, it would make it seem as if Charlotte Russe's own server had been compromised.

"By making it look like their server got compromised, the criminals can claim it isn't them who's responsible for distributing the malware. But rather someone else who hacked their server to spread malware.

"The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines," Mr. Schouwenberg explains.

The practice of posing as legitimate advertisers in order to push malicious popups via ad networks is common. In December last year, we reported on an attack where cyber criminals managed to get malicious ads onto Google-owned DoubleClick and MSN.

People are advised to always run an up-to-date antivirus program on their computer and ignore alerts about infections if they don't originate from it.
