Security Insights

New Fake AV Pages

New Fake AV Pages

There have been a number of changes in the world of Search Engine Optimization (SEO) poisoning attacks. I reported yesterday that there we're seeing ever more dangerous exploits using Flash and Java.We're now also finding new types of fake AV pages. While these pages are visually similar to the previous fake AV pages, the source code is very different. The Javascript code is more compact and is included inline with the HTML page.

New fake AV page

Most of these new fake AV pages are hosted on The spam SEO urls look different and are harder to spot because they now look like regular URLs for static HTML pages. The malicious executable associated with the attack is currently detected by 10 antivirus vendors of 40.

Interestingly, some of the hacked sites that were used to redirect users from Google to Java/Flash exploits are now used to redirect to this new fake AV page.

-- Julien

Get the latest Zscaler blog updates in your inbox

Subscription confirmed. More of the latest from Zscaler, coming your way soon!

By submitting the form, you are agreeing to our privacy policy.