Cyber criminals cash in on Korea clashes
Search requests related to Korean border incident hijacked by fake AV scammers
Cyber criminals are already attempting to cash in on yesterday's clashes between North and South Korea, according to Trend Micro.
The security company reports that within several hours of the cross-border incident, search results related to the subject of the clash, had been poisoned by scammers.
Hijacks were detected for both English and Korean languages.
The hijacked search results direct users, depending on browser to a fake ActiveX control or a Flash Player update, which then uses a fake anti-virus threat, to try to convince the user that their PC has been infected and that they need to buy bogus anti-virus software to remove it.
In a security blog posting, Trend said that the fake antivirus variant seen in this attack is now detected as TROJ_FAKEAV.SMRY, and that the company was already blocking the sites hosting the malicious files.