New Fake AV Pages

There have been a number of changes in the world of Search Engine Optimization (SEO) poisoning attacks. I reported yesterday that there we're seeing ever more dangerous exploits using Flash and Java.We're now also finding new types of fake AV pages. While these pages are visually similar to the previous fake AV pages, the source code is very different. The Javascript code is more compact and is included inline with the HTML page.

New fake AV page

Most of these new fake AV pages are hosted on porntube-nowx.com. The spam SEO urls look different and are harder to spot because they now look like regular URLs for static HTML pages. The malicious executable associated with the attack is currently detected by 10 antivirus vendors of 40.

Interestingly, some of the hacked sites that were used to redirect users from Google to Java/Flash exploits are now used to redirect to this new fake AV page.

-- Julien

Join us for the Spring 2021 Series. Register Today

Insights and Research

New Fake AV Pages

Author

Julien Sobrier

Recommended for You

Return of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures

Discord CDN: A Popular Choice for Hosting Malicious Payloads

Did COVID Cancel Christmas for Cybercriminals?

DreamBus Botnet – Technical Analysis

Stay up to date with the latest digital transformation tips and news.

By clicking the submit button, you are agreeing to our privacy policy.

Take the first steps on your transformation journey

English

Français

Deutsch

日本語

Subscribe and keep in touch with us!

By clicking the submit button, you are agreeing to our privacy policy.

©2008-2021 Zscaler, Inc. All rights reserved.