Malicious ads sent through ICQ

Experts from Kaspersky Lab in the past few days have received numerous reports that the fake antivirus Antivirus 8 infects users' computers. Interestingly, the fake antivirus pop-up windows appear when the computer was not used actively. Experts have found that it happened at a time when the program ICQ receive and display new promotional messages.




During the investigation, was established the following:

This page is hosted at [...] charlotterusse.eu. Because the page contains the iframe, it can be assumed that the ad server stores (Charlotte Russe - a clothing store) has been hacked. However, it is not. Furthermore charlotterusse.com, none of the servers whose addresses are contained on this page is not related to this brand of clothing.

This means that someone has created the appearance of the existing store to the system of distribution of advertising is not blocked advertisement, because such systems weed out obviously fraudulent applications. But the most interesting in this case that the attackers to deflect suspicion from himself for distributing malicious software, have created the appearance that their server was hacked. Most likely, a distributor of advertising at this time limited to a warning, so that the fraudsters will have at least one more chance to infect users' computers.

Source: Securelit