It is public knowledge that the Italian Prime Minister Silvio Berlusconi was hit in the face which left him with facial injuries, a broken nose and several broken teeth. The video of the attack is circulating on the Internet but at this time, if you search for them on any search engine it is possible that the resulting websites directs you to malicious websites. Blackhat SEO techniques are used to promote these websites serving Rogue software.
At the time of analysis, the first page results while searching for “Berlusconi attack videos” is shown below:
Each of these links redirects the user to a site that fakes to perform a scan, making the user believe that their system is infected with malware.
The end result would be downloading variants of rogue antivirus program such as Additional Guard, Internet Antivirus Pro Scanner and so on. ESET NOD32 Antivirus proactively detects and eliminates a variant of Win32/Statik.
This blog is courtesy of ESET's Latin America team who provided the information which resulted in the above analysis. Anyone interested in the Spanish version of this article can find it here on their blog.
Tasneem Patanwala, GREM
Author Aryeh Goretsky, ESET