5/19/2010
08:53 PM
Dark Reading
Products and Releases

Hackers Using the Final Episode Of "Lost" To Spread The MySecurityEngine Fake Antivirus

Recent death of rock singer Ronnie James Dio is also being used to distribute fake antivirus programs

ORLANDO, Fla. May 19, 2010 – PandaLabs, Panda Security’s antimalware laboratory, has in the last few hours detected the proliferation in search engines of numerous Web pages distributing the MySecurityEngine fake antivirus. The ‘bait’ used in this case has been the much anticipated final episode of the popular ABC series “Lost.”

There is nothing new about the way this infection operates. When someone searches the Internet for information relating to this series, such as news on the final episode or how to view it via streaming video, the results list fake Web pages that have been expertly indexed to appear in the leading positions (image available at: http://www.flickr.com/photos/panda_security/4621101704/). If users click these links, they will be prompted to accept the download of a file, such as a codec, and the fake antivirus will be installed on their computers (image available at: http://www.flickr.com/photos/panda_security/4621101736/).

PandaLabs has also discovered that in addition to “Lost,” similar techniques to lure potential victims have been detected with other popular shows and searches including “Glee,” “The Family Guy” and the recently released film, “Iron Man 2.”

The recent death of the Rainbow and Black Sabbath rock singer, Ronnie James Dio, has also been exploited by hackers to deploy a powerful Black Hat SEO attack across the Web.

According to Luis Corrons, Technical Director of PandaLabs, “What continues to surprise us is the speed with which the numerous websites are created and then indexed and positioned on the Internet. As the screening of the final episode of “Lost” approaches we expect the number of malicious links to double or triple.”

With this in mind, PandaLabs recommends that users (particularly fans of the series) be wary when visiting websites through search engines and try to make sure the pages they visit are reliable. If users are directed to fake websites, it is essential that no downloads are accepted. “Using your common sense and having good up-to-date protection installed are the two best ways of staying safe from these threats,” adds Corrons.

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of Collective Intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4 percent of malware detected by PandaLabs is analyzed through this system of Collective Intelligence. This is complemented through the effort of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com.

For more information, visit http://www.pandasecurity.com/.
