We told you to watch out, didn't we? (see Randy's blog at http://www.eset.com/threat-center/blog/2009/10/23/this-is-the-funniest-video-ever). But it's not just Michael Myers, zombies and vampires you need to watch out for. It's also Funny Halloween Costumes, Harvey Milk, Pumpkin Carving Stencils, candy, Pokemon, and McDonalds Monopoly online.
Yes, the fake/rogue AV gang have started on their Halloween special, and this time it's… well, it's the same old SEO (Search Engine Optimization) poisoning ploy. Right now, after a very interesting conversation with Juraj Malcho, head of our lab in Slovakia, I'm looking through a list of keywords currently being used by a particularly prolific Black Hat SEO campaign which has been updated to reflect the sort of stuff that people – and certainly American people – are likely to be searching for at this time of year.
I'm looking through a list of thousands of words and phrases, so I'm not going to list them all here: I don't suppose you'd read it from top to bottom if I did. However, if you use common search engines like Google to look for terms like those above and a great many others, you're likely to find a lot of links at the top of the results list that lead you to fake security software. This claims to find imaginary malware on your system, with the ultimate intention of defrauding you of money and possibly harvesting your credit card details along the way.
Many of the search terms I'm looking at here relate to fairly specific stuff like Halloween costumes; lots are fairly generic but have the word Halloween added (often at the start of the term, but not invariably); some don't relate to Halloween at all, as far as I can see; and some are just bizarre ("Halloween originated in mt kilamanjaro" (sic)).
So much for the social engineering aspect: what about the malware? Juraj has been checking samples, and most of it is already covered by our generic detections. There'll be more specific naming in our next update. Of course, we'd expect the bad guys to do some tweaking as their campaign develops, to try to regain the advantage, so you can't assume that anti-virus products, even those with good proactive detection (like ours!), will catch everything.
Anti-virus is a useful layer of protection against threats like this, but we can't always save you from your own lack of caution. If you're looking for Halloween-related material, you might want to check out my previous blog at http://www.eset.com/threat-center/blog/2009/10/24/fake-anti-malware-blurring-the-boundaries for other resources that will tell you more about fake security programs.
[Particular thanks to Sean-Paul Correll and Patrick Mullen for spreading the word on this.]
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET