Fake AV spreading via Yahoo! Answers

From poisoned Google image search results to poisoned answers to legitimate questions on Q&A sites like Yahoo! Answers and public forums, malware peddlers are determined to use every possible way to spread their malicious payloads.

Bkis researchers have recently spotted some new fake AV variants being distributed in the latter way, and have decided to investigate the matter. What they discovered is a number of questions answered with a variant of “Anyway, I think this will help you [LINK]”.

The offered link takes the users to a site (answers-yahoo-z.tk) mimicking the Yahoo! Answers site (answers.yahoo.com).

The user is supposed to download the file with the answer, but unfortunately it is an executable – a fake AV downloader.

Other Q&A sites and forums are similarly poisoned.

The offered links consistently drive the traffic to the same website. The link will probably be changed in the future, but the approach is likely to be milked until the greater public becomes aware of it.
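For moderators of a Q&A site or forum, the lure described above can be caught by parsing each posted link and flagging hosts that carry the brand name but are not under the brand's own domain. The following is an added example, not code from Bkis or the original article; the domain list, brand token, function names and sample answers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the domain being protected and its brand token.
LEGIT_DOMAINS = {"yahoo.com"}
BRAND_TOKENS = {"yahoo"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()

def is_under(host, domain):
    """True only for the domain itself or a real subdomain (dot boundary)."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    host = host_of(url)
    if not host:
        return "unparsed"
    if any(is_under(host, d) for d in LEGIT_DOMAINS):
        return "legit"
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"  # brand name in the host, but not the brand's domain
    return "other"

def flag_posts(posts):
    """Return (post_id, host) for every link whose host imitates the brand."""
    hits = []
    for post_id, text in posts:
        for url in URL_RE.findall(text):
            if classify(url) == "lookalike":
                hits.append((post_id, host_of(url)))
    return hits

# Constructed sample answers; only the lookalike host comes from the article.
SAMPLE_POSTS = [
    ("a1", "See http://answers.yahoo.com/ for similar questions."),
    ("a2", "Anyway, I think this will help you http://answers-yahoo-z.tk/"),
    ("a3", "The vendor documents this at https://example.org/faq."),
]

if __name__ == "__main__":
    for post_id, host in flag_posts(SAMPLE_POSTS):
        print(f"review answer {post_id}: link to {host}")
```

Substring matching on the brand token will also flag unrelated hosts that happen to contain it, so the output is a review queue rather than a block list.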

