July 24, 2009

Malware served up thanks to solar eclipse

In a reprise of an old trick -- leveraging celestial events -- cybercriminals are using search-engine optimization poisoning to attract victims to a rogue software site, Trend Micro researchers said Thursday.

When a user seaches for information on the recent solar eclipse, the results may contain links to scareware-hosting sites. The ruse is not the first to capitalize on heavenly events. For example, after a blood-red lunar eclipse in February 2008, hucksters tried to lure users into downloading malware onto their systems.

In a post on the TrendLabs Malware Blog, senior threat researcher Joey Costoya, who is credited with discovering the attack, described how the the latest scam works:

“When users query the phrase ‘solar eclipse 2009 in America' in popular search engines,” according to the post, “certain top ranking sites would redirect users to a malicious site under the domain name antispyware-scannerv3,” which is where the malware is hosted.

Wednesday's eclipse, with a trajectory over China and India, was the longest total solar eclipse of the 21st century.


Courtesy: Trend Micro

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.