Incidents

Blackhat SEO and Osama Bin Laden’s death

As always, when big news appear in the press the bad guys start blackhat SEO campaigns in popular search engines trying to lure users to install Rogueware.

It’s not different this time, with the top news about Osama’s Bin Laden death being everywhere. The bad guys were quite fast and started to poison searches results in Google Images.

Some of the search results are now leading users to malicious pages:

When clicking an image in the results page, the user will be redirected to one of the malicious domains:

***-antivirus.cz.cc/fast-scan/

***pe-antivirus.cz.cc/fast-scan/

Both domains are offering a copy of the rogueware known as “Best Antivirus 2011”:

This rogueware is already detected by Kaspersky as Trojan.Win32.FakeAV.cvoo

When searching, even for images, be careful!

Blackhat SEO and Osama Bin Laden’s death

Your email address will not be published. Required fields are marked *

 

Reports

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox