"Most Recent Earthquake in Japan" Searches Lead to FAKEAV
March 11, 2011 2:58 am | by Norman Ingal (Threat Response Engineer)
Unsurprisingly, we saw blackhat SEO attacks almost immediately after an 8.9 magnitude earthquake affected Japan, which was followed by a tsunami, causing massive damage to affected areas.
We immediately monitored for any active attack as soon as news broke out. True enough, we saw Web pages that have been inserted with keywords related to the earthquake. One of the active sites that we saw used the keyword "most recent earthquake in Japan" that led to FAKEAV variants we currently detect as MalFakeAV-25.
Research: Robert Cazares