Sunday, January 18, 2009

WinRAR Warns Users of Fake Download Site


Win.rar, the official publisher of the WinRAR compression program and RARLAB products, has issued a warning to users about fake Google AdWords. Win.rar was informed that someone had fraudulently placed Google AdWords in the company's name, directing users to a faked Download.com page. This page offers a 'modified' WinRAR installation file (winrar.exe). The motive, according to Win.rar's officials, is to offer an anti-spyware solution through another link after infecting the victim's PC with malware.

The modified WinRAR setup file contains malware which, once installed, is executed and opens a pop-up every minute with the content 'intervalhehehe'. The user will instinctively try to Google this text and find forum entries that confirm the problem. Through a manipulation of the local host file (LMHOSTS), the user is then directed to a counterfeit page of the 'Microsoft Security Center'. This page offers a free scan. Since the whole process is manipulated, the free scan will reveal an attack by "intervalhehehe" and offer an anti-spyware solution for Euro 39.95 from the fake IT security firm.
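A defender can check a machine for the name-resolution tampering described above. The following is an added example, not code from Win.rar or Websense: it assumes the file uses the usual "address name ..." line format with `#` comments, and the sample file contents and the watch list of domains are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered file; addresses use the documentation
# range 203.0.113.0/24 and are not taken from the page.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example     # blocklist-style sinkhole entry
203.0.113.7     www.google.com google.com
203.0.113.7     www.microsoft.com       # appended by installer
10.0.0.5        fileserver.corp.example
"""

# Assumed watch list: names a user would visit to research or fix an infection.
WATCHED_SUFFIXES = ("google.com", "microsoft.com", "download.com")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; '#' starts a comment."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def suspicious_entries(text, watched=WATCHED_SUFFIXES):
    """Return entries that pin a watched public name to a non-loopback address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and sinkhole entries point at no live server
        if any(name == s or name.endswith("." + s) for s in watched):
            findings.append((line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Any finding means a public name is being resolved locally instead of through DNS, which is worth investigating before trusting a "security" page reached from that machine.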

You can find more details on the scam, with screenshots, on Websense.

This is quite a long, drawn-out 'attack' that anticipates what a user will do after getting infected. The problem, according to Win.rar GmbH, is that anyone can place Google AdWords for other companies, and these are usually not checked for accuracy or authenticity. When a site is blocked, another one will appear and take its place.
