November 28, 2009
Cybercriminals have wasted no time taking advantage of the news that the world's number one golfer, Tiger Woods, has been involved in a car accident outside his house in Florida.
Hackers have created webpages claiming to contain video content related to the accident where Tiger Woods reportedly crashed his car into a fire hydrant and tree as he left his home at 02:25 local time. (See screenshot)
However, if users try and watch the videos (some of which claim that Tiger Woods' marriage to his Swedish model wife Elin Nordegren was suffering difficulties because of his alleged friendship with New York City party girl Rachel Uchitel) they are taken to a fake video player page which tries to download an executable file to their computer's hard drive.
The file, called Movie_HD_Plugin_Update.40014.exe, claims to be a plugin to allow you to watch the video, but users would be very unwise to run it on their computers as it is the Troj/Proxy-JN Trojan horse.
Continued (with screenshot) here: http://www.sophos.com/blogs/gc/g/2009/11/28/hackers-exploit-tiger-woods-car-accident-spread-malware/
From SophosLabs Blog:
FakeAV - a lesson in aggression
Those "Antivirus System PRO" folks are up to their nasty sales tactics again. While its use of a pushy (and confusing!) yes-no no-yes dialog sequence is similar to other fake AV variants, a signature feature involves periodically opening a browser to a sketchy domain - any of porno.org, porno.com, adult.com or viagra.com.
The tactics just get more aggressive from there. The malware hooks several system functions in memory such that:
1. An attempt to start any new process is killed with the following warning: [...]
2. Links from Windows Security Center direct you to the fake AV purchase page (depicted above)
3. You are bombarded with bogus infiltration alerts, like the following: [...]
Continued (with screenshots) here: http://www.sophos.com/blogs/sophoslabs/v/post/7618