Twilight ‘New Moon’ fans targeted for scareware and viruses

November 19th, 2009

Twilight fans beware. A viral marketing campaign designed to exploit your anticipation over the New Moon movie coming out tomorrow may look like normal free media you’ve come to expect on the Internet.

A scareware purveyor has been spreading bad URLs having to do with the movie and its stars, with the help of corrupted Google search results, according to PC Tools.

Fans are being directed to chats and blog posts that read “Watch New Moon Full Movie.” Concurrently, the bad guys use an automated script to fill the posts and comments with related keywords to attract more search engines.

Fake ‘streamviewer’ akin to fake Flash player

Search results for the movie then link users to stolen images from the movie itself, convincing the fan that the movie is only one click away.

But first the fan is required to download a free video player, called streamviewer. But clicking on the download actually results in swift installation of a wormhole, called a Trojan downloader, on the fan’s hard drive.

Thus the bad guys can now load any malicious program they so choose on the PC, says Michael Greene, security analyst at PC Tools.

Thus far, the bad guys have been installing a scareware program that launches a fake security scan and tries to get the user to spend $80 for a worthless cleanup and antivirus protection.

The last time an attack of this scale and sophistication swamped the Internet was during the run-up to the last Harry Potter movie, says Greene.

While the bad guys appear to be after a quick buck selling worthless security, the wormhole they set in place stays in place, giving them the ability to use the PC as part of a botnet to spread spam, steal data and hijack Web mail, social networking and online banking accounts, says Greene.

PC Tools has watched this particular downloader pull down scareware, a botnet management program, and downloaders that connect back to multiple sites for more information and downloads, he says.

Scareware recovery and protection

“The payload is changing all the time,” says Greene. PC users, he says, should make sure they use an antivirus suite designed to repel this type of attack. Naturally, he recommends Spyware Doctor with Antivirus and ThreatFire.

For anyone whose PC is already hopelessly infested with scareware and/or other infectious programs, Sunbelt Software’s free deep scanning tool could be a godsend. VIPRE PC Rescue can neutralize many of the nastiest scareware promos, rootkits and keyloggers lurking on your hard drive and bogging down your machine’s performance.

“VIPRE PC Rescue makes it easy to wipe out infections on a nearly inoperable computer, often times enabling successful repair, as well as installation of necessary security applications to prevent these infections from happening in the future,” says Eric Sites, Sunbelt CTO.

If your PC is locked up in a fake antivirus promo loop, using VIPRE PC Rescue in a safe mode boot-up can at least give you back control of your machine, after which you can run other cleanup tools. If your machine is just getting slower and slower, VIPRE PC Rescue can usually improve performance noticeably.

Screen shots courtesy of PC Tools

–Byron Acohido