PhoenixDzine

In January we published the first of our malware wallpaper calendars. Here’s the latest wallpaper.

1280×800 | 1680×1050 | 1920×1200 | 2560×1600

Hopefully you’ll find it eye-catching and it gives you the chance to see at-a-glance some of the significant malware-related events from the past.

TV Series such as “The Simpsons” are hugely popular and have hundreds of thousands of fans around the world. Unlike “Southpark” – another hugely popular series – not all of them are freely available on the web though. As such, there is a high demand on the web for such episodes and as usually happens, scam tactics appear around them. Here’s one such example that we have seen recently on the popular website Dailymotion:

Over the last few days, we received numerous reports of computers infected with fake anti-virus (scareware). The name of this particular culprit is Antivirus 8.

The interesting thing about these cases is that the users were getting fake anti-virus browser pop ups while not actively using the computer. During our research we noticed that these pop-ups would appear right when ICQ was fetching/displaying new ads.

I installed ICQ and noticed the following after letting it run for a couple of minutes to fetch ads:

This page is hosted on [snip]charlotterusse.eu.

Going by the added iframe, it looks like this store’s ad server was hacked, right? Not quite. I did some digging around and found that none of these servers – other than charlotterusse.com – are actually related to this brand of clothing.

This means that somebody went through the trouble of pretending to be this store. This is done to make sure the ad distributor will actually run the campaign, as these distributors frequently get approached by fraudsters.

However, what makes this case particularly interesting is that the bad guys make it seem like their server got hacked. By making it look like their server got compromised, the criminals can claim it isn’t them who’s responsible for distributing the malware. But rather someone else who hacked their server to spread malware. The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines.

This is another example of how trusted programs can be a used to attack computers. It goes to show that anti-malware protection is needed no matter what the circumstance.

We’ve sent a notification to yieldmanager, who is the ad distributor in this case. We’ve not heard back from them at the time of writing.

Kaspersky Security Network is an integral part of Kaspersky Lab technology. With its ‘cloud’ architecture KSN automatically detects and blocks unknown malware and infected/dangerous websites, filters spam, protects children from unwanted content and lots more.

Our aim is for users to always have as full a picture as possible of the current threat landscape around the world. That’s why we have come up with the Irida screensaver. It displays statistics about the latest threats that have been detected and blocked using KSN and is updated every 12 hours.

Install our screensaver and discover the full potential of Kaspersky Security Network!

Download at: http://irida.kasperskyclub.com/scr.zip