- Computer pranks with applications that simulate a Trojan infection are invading the Web
- “Paranormal Activity 2” and “Friday the 13th” used in BlackHat SEO attacks to download malware
As Halloween approaches, applications, fake websites, spam and Trojans all put on disguises to try to trick users. Global IT vendor Panda Security has been detecting attacks like these since August, with the most proliferate attacks listed below.
Halloween pranks used to spread terror…
Even though computer pranks are nothing new, they get massively distributed in the days leading up to Halloween, with the aim of scaring users. These applications are actually harmless, as they really do not contain any malware or Trojans.
They usually arrive at the targeted computer from one of the victim’s contacts, as a Halloween video file or an online greetings card, via email, or a social network. However, once the user has downloaded and installed the item, it displays a series of messages and screens informing the user that they have been infected by a Trojan.
On other occasions, a flash movie may simulate the deletion of all contents on the computer’s hard disk, while a spooky skull is displayed on the screen. The website that distributes this prank offers a video with instructions to configure the movie in order to make it even more realistic and frightening.
In reality, these are just computer virus hoaxes. However, there is no doubt that users will be really scared to see their computer almost destroyed!
And the real threats…
On other occasions, attackers are using latest releases like “Paranormal Activity 2” or Halloween classics like “Friday the 13th” to distribute malware.
Hackers are using these well-known Hollywood productions to launch Blackhat SEO attacks, exploiting popular topics in order to place malicious websites at the top of search results when users look for certain terms in search engines. If a user accesses the malicious website, a Trojan or fake antivirus is downloaded onto their computer. These attacks not only exploit horror movies, but any other Halloween-related items like party invitations, etc.
Panda has also seen an increase in the massive distribution of Halloween-themed spam, used to trick users into giving away their personal data and buying fraudulent or illegal products, or just make money as many of these companies get revenue through pay-per-click systems.
Some tips to protect you
As always, having a great antivirus and taking some basic precautionary measures are the best ways to stay protected against both real and/ or fake threats.
Panda offers the following advice to users:
- Don’t open emails or messages received on social networks from unknown senders.
- Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc.
- If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
- Do not run attached files that come from unknown sources. In particular, watch out for any files with Halloween-related names.
- Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page. To check that the page is secure, look for the security certificate in the form of a small yellow padlock next to the toolbar or in the bottom right-hand corner of the screen.
- Don’t use shared or public computers for making transactions or operations that require you to enter passwords or other personal details.
- Have an effective security solution installed, capable of detecting both known and new malware strains.
Panda Security offers users several free tools for scanning computers for malware, like Panda Cloud Antivirus: www.cloudantivirus.com.