Massive Earthquake in Chile Leads to a Surge of Rogue Antivirus
A massive earthquake struck near the Chilean city of Concepcion in the early hours of the morning of February 27th, 2010. The quake, measuring 8.8 on the Richter scale, was considerably stronger than the one that recently caused widespread destruction on the island of Haiti. Fortunately, despite the size of this latest quake, so far there have been few reported casualties. The quake occurred near the coast, and tsunami warnings were issued for many countries bordering the Pacific Ocean. Unfortunately, as with any major news event, miscreants are not slow to pounce when such opportunities arise to further their aims.
Search engine results returned for terms such as “Chile Earthquake” are being poisoned to lead users to rogue antivirus web sites.
Visiting the URLs shows the all-too-familiar fake online scan page such as the following:
Notice that this fake scan window was actually presented inside a Firefox browser window, but the fake scan window says I'm using IE 7.0. I guess the people behind this particular scam slipped up a bit on this minor point.
After the fake scan is complete, or if you try to navigate away from the page, you are offered the obligatory download of files with various filenames such as packupdatebuild[RANDOM NUMBER]_[RANDOM NUMBER].exe or inst.exe. These are being detected by Symantec as Trojan.FakeAV or VirusDoctor. In addition, our IPS detections are also effective at preventing the fake scan pages from being loaded in the first place. While we can’t protect you from earthquakes or tsunamis, we can at least help you avoid another wave of damage to your computer and your wallet following disasters of this type.
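For defenders who want to hunt for this chain in web proxy logs, here is an added example (not Symantec's code or detection logic) that flags downloads matching the filenames above and notes whether the same client had just clicked through from a search results page. The log layout, the search-engine host list, the five-minute window and the `\d+` digit pattern are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs

# Filenames reported in the post; digit counts are not given, so \d+ is an assumption.
FAKEAV_NAME = re.compile(r"^(packupdatebuild\d+_\d+|inst)\.exe$", re.I)
SEARCH_HOST = re.compile(r"(^|\.)(google|bing|yahoo)\.", re.I)  # assumed host list

# Constructed proxy log lines: epoch_seconds client_ip referer url
SAMPLE = [
    "1267300000 10.0.0.5 http://www.google.com/search?q=chile+earthquake http://news-site.example/chile.html",
    "1267300020 10.0.0.5 http://news-site.example/chile.html http://scan.example/online/",
    "1267300065 10.0.0.5 http://scan.example/online/ http://scan.example/dl/packupdatebuild107_2045.exe",
    "1267300100 10.0.0.9 - http://intranet.example/tools/inst.exe",
    "1267300200 10.0.0.7 http://www.google.com/search?q=weather http://weather.example/",
]

def hunt(lines, window=300):
    """Return (client, download_url, search_query_or_None) per suspicious download.

    A non-None query means the client left a search results page within
    `window` seconds before the download: the pattern the post describes.
    None means a filename-only match, which is weak for a generic name
    such as inst.exe and needs triage before escalation.
    """
    last_search = {}  # client -> (timestamp, query typed into the search engine)
    hits = []
    for line in lines:
        ts, client, referer, url = line.split()
        ts = int(ts)
        ref, dst = urlparse(referer), urlparse(url)
        # Click from a search results page to some other site.
        if (ref.hostname and SEARCH_HOST.search(ref.hostname)
                and not SEARCH_HOST.search(dst.hostname or "")):
            last_search[client] = (ts, parse_qs(ref.query).get("q", [""])[0])
        name = dst.path.rsplit("/", 1)[-1]
        if FAKEAV_NAME.match(name):
            seen = last_search.get(client)
            query = seen[1] if seen and ts - seen[0] <= window else None
            hits.append((client, url, query))
    return hits

if __name__ == "__main__":
    for client, url, query in hunt(SAMPLE):
        label = f"search-led ({query!r})" if query else "filename only"
        print(f"{client}  {url}  {label}")
```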