iCloud search ends with fake AV

Following Steve Jobs’ announcement of Apple’s entry into the cloud business, the term “iCloud” has quickly become a trending topic. And cyber scammers – quick as always – have made it their business to poison Google search results tied to the keyword.

A number of the URLs that come up in these search results have been found on MyMobi, a news site that covers new gadgets. These pages have been cleaned up in the meantime, but that’s no guarantee that the criminals won’t manage to compromise them again – or other sites for that matter.

Once users follow the offered link and land on the compromised page, they are immediately redirected to a malicious page where a script tries to download a file named SecurityScanner.exe onto their computers. If they run it, a fake AV by the name XP Antispyware 2012 gets installed.

“The program contains a registration button. When users click this, the page redirects to a phishing site with a newly created domain that contains the “Choose Plan & Checkout” option to purchase XP Antispyware 2012,” explains a Trend Micro researcher. “The FAKEAV malware also blocks Web browsers, Internet Explorer and Google Chrome from surfing the Internet unless users purchase the product.”
