New Fake AV Pages

There have been a number of changes in the world of Search Engine Optimization (SEO) poisoning attacks. I reported yesterday that there we're seeing ever more dangerous exploits using Flash and Java.We're now also finding new types of fake AV pages. While these pages are visually similar to the previous fake AV pages, the source code is very different. The Javascript code is more compact and is included inline with the HTML page.

New fake AV page

Most of these new fake AV pages are hosted on porntube-nowx.com. The spam SEO urls look different and are harder to spot because they now look like regular URLs for static HTML pages. The malicious executable associated with the attack is currently detected by 10 antivirus vendors of 40.

Interestingly, some of the hacked sites that were used to redirect users from Google to Java/Flash exploits are now used to redirect to this new fake AV page.

-- Julien

Insights and Research

New Fake AV Pages

Author

Julien Sobrier

Recommended for You

Joker Joking in Google Play

IoT in the Enterprise Report: Empty Office Edition

Targeted Attack on Government Organizations Delivers Netwire RAT

ThreatLabZ June 2021 Report: Deconstructing Kaseya Supply-Chain Attack and the Minebridge RAT Campaign

Stay up to date with the latest digital transformation tips and news.

By submitting the form, you are agreeing to our privacy policy.

Take the first steps on your transformation journey

Take the first steps on your transformation journey

English

Français

Deutsch

日本語

Subscribe and keep in touch with us!

By submitting the form, you are agreeing to our privacy policy.

©2008-2021 Zscaler, Inc. All rights reserved.