CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 26th, 2011

ICQ Ads Infect Users With Scareware Via Malvertizing

Scareware distributors have managed to push rogue antivirus advertisements onto the ICQ network by posing as a known clothing retailer.

According to Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab, the security vendor began receiving numerous reports of infections with a piece of scareware called Antivirus 8 recently. Upon investigating the problem, Kaspersky’s researchers realized that fake antivirus popups were being displayed on people’s desktop even when they were not using their browsers.

The rogue ads were tracked down to running instances of the ICQ instant messaging application which has its own internal advertising mechanism. When investigating the ICQ advertisements, experts found that one of them was loaded from [censored]charlotterusse.eu, a domain name that, at first glance, seems to be related to clothing retailer Charlotte Russe.

The use of a known brand name in their malvertizing campaign helped scareware distributors in several ways.

First, it allowed them to get their malicious ads onto the ICQ network and second, make it seem as if Charlotte Russe’s own server was compromised if the scheme was discovered.

“By making it look like their server got compromised, the criminals can claim it isn’t them who’s responsible for distributing the malware. But rather someone else who hacked their server to spread malware.

“The ad distributor is very likely to simply give them a warning, which gives these criminals at least one more shot at infecting more machines,” Mr. Schouwenberg explains.

The practice of posing as legit advertisers in order to push malicious popups via ad networks is common. In December last year cyber criminals managed to get malicious ads onto Google-owned DoubleClick and MSN.

People are advised to always run an up-to-date antivirus program on their computer and ignore alerts about infections if they don’t originate from it.

Credit: Softpedia.com News

Share this item with others:

More on CyberInsecure:
  • Spotify.com Software Hit By Malicious Third-party Advertisements, Around 9 Million Users Affected
  • Malicious Adobe Flash Ads Hit High-Profile Websites
  • ICQ 6 Personal Status Processing Vulnerability
  • MLB.com Major League Baseball Website Infected Visitors Through Ads
  • Tucows Falls Victim To OpenX-Based Malvertizing Attack After The Pirate Bay, eSarcasm And AfterDawn

    • Posted in Breaches And Incidents, Cybercrime, Malware, Scams, Software, Windows | Print This Post Print This Post

    This entry was posted on Wednesday, January 26th, 2011 at 2:37 pm and is filed under Breaches And Incidents, Cybercrime, Malware, Scams, Software, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: ICQ Ads Infect Users With Scareware Via Malvertizing

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »