A Kaspersky researcher has discovered a fake antivirus warning linked to ads on ICQ, which is popular in Russia and Eastern Europe.
The ad that showed up in the ICQ window was for a women's clothing company called Charlotte Russe and clicking on the ad directs to the company's Web site, said Roel Schouwenberg, a senior antivirus researcher at Moscow-based Kaspersky.
Around the same time the ad was displayed another pop-up appeared in a new browser from "Antivirus8," that said suspicious activity was detected on the system and it encouraged the user to download the program, which is not a legitimate antivirus product, Schouwenberg told CNET.
The malware attack is interesting for several reasons. The rogue antivirus "scareware" appears without the user doing anything that normally triggers such pop-ups, such as clicking on malicious links in search results, he said. The attack also does not appear to have an exploit included in it; just the social-engineering aspect in which the user is lured into downloading supposed antivirus protection that is totally unnecessary, he added.
In addition, the ad image related to the fake antivirus pop-up is hosted on a server that appears to be unassociated to the retail company, according to Schouwenberg. "This means that somebody went through the trouble of pretending to be this store" to get the ad server yieldmanager to approve and run the ads, he wrote in a blog post.
"They put in quite a lot of effort to seem legitimate," he said. "Attacking yieldmanager successfully and having fake anti-virus in the ICQ ads...is something that is very high level and hard to achieve."
Schouwenberg speculated that there could be two fraud gangs associated with the attack-- one responsible for the fake antivirus portion and the other responsible for getting the malware to be distributed via the ads on ICQ.
Kaspersky reported the problem to yieldmanager, which is owned by Yahoo. Right Media, which operates yieldmanager, did not respond to an e-mail from CNET seeking comment.