NEWS FROM THE LAB - Thursday, January 14, 2010

Haiti Earthquake: Another Rogue Rides the News

Posted by Response @ 08:28 GMT

A day after the disaster that struck the Caribbean nation of Haiti, rogue perpetrators have once again been busy with their SEO poisoning schemes. Searching for terms related to the earthquake leads to a website that installs a rogue on the system.

It happens when an unsuspecting user searches for Haiti Earthquake details.

hai-1 (14k image)

Happily clicking the link leads to this page:

hai-2 (25k image)

Then this…

hai-3 (38k image)

And this…

hai-4 (50k image)

Wait! What's that? F-Secure?!? Nice try… We definitely don't support this malware.

After dragging the F-Secure name into its wares, it finally downloads the rogue component.

hai-5 (50k image)

Installs itself, then scares the user.

hai-6 (42k image)

Threats found? Don't believe it.

The downloader and the rogue component are already detected in the latest database updates. Users would be well advised to keep their antivirus databases updated.

Response post by — Chris & Mina