Rogue Anti-Malware Exploiting Athens Fire

Cristian Borghello, Technical and Education Manager at ESET Latin America, tells us that they’ve noted quite a few sites that pretend to provide information on the fire crisis in Athens, Greece, but actually download malware onto the user’s PC. (Mistakes in translation are down to DH!)

The criminals are using Black Hat SEO (Search Engine Optimization) techniques such as keyword stuffing and hidden text so that search engines will present their sites at or close to the top of the listings in response to keyword searches relating to the fires.

If the user enters one of these sites, he will be redirected through several domains and, in the last of them (http://removeallthreat [ELIMINATED] .com) he will  end up downloading malware of the rogue antimalware type that ESET products detect as Win32/Adware.Antivirus2009

As can be seen in a screen dump shown in the ESET Latin America blog page at, several intermediate sites exist that are only used to trick the search-engine and the user into accessing the final page, which always contains malware. 

The bad guys make very frequent use of these techniques, using topical events that attract the attention of the media and people in general as social engineering bait to reel in their victims.

Overnight, ESET Latin America have found other domains that use the same techniques and download similar malware: 

  • removeallthreat [ELIMINATED] .com
  • removepc [ELIMINATED] .com
  • scan-my-PC [ELIMINATED] .com
  • remove-PC [ELIMINATED] .com
  • homevirus [ELIMINATED] .com
  • scan-your-PC [ELIMINATED] .com

ESET Latin America advise caution in accessing sites purporting to offer topical information and look out for these particular domains: if possible, block traffic from these sites using firewalls and proxies.

Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled):
ESET Threatblog notifications on Twitter:
ESET White Papers Page:

Securing Our eCity community initiative:

Author David Harley, ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.