- Computer pranks with applications that simulate a Trojan infection are invading the Web
- “Paranormal Activity 2” and “Friday the 13th” used in BlackHat SEO attacks to download malware
- Spam aimed at getting clicks and personal data using Halloween icons as bait is being widely used by attackers
As Halloween approaches, applications, fake websites, spam and Trojans all put on a disguise to try to trick users. PandaLabs, the anti-malware laboratory of Panda Security -The Cloud Security Company- has been detecting attacks like these since August. However, these have intensified over the last few days and we are seeing old specimens ‘coming to live’, new strains and fake applications that only attempt to scare users a little bit.
Halloween pranks to spread terror…
Even though computer pranks are nothing new, they get massively distributed in the days leading up to Halloween in order to terrorize users. These applications are actually harmless, as they really do not contain any malware or Trojans.
They usually arrive at the targeted computer from one of the victim’s contacts as a Halloween video file or an online greetings card via email, social networks, etc. However, once you download and install them, they show a series of messages and screens informing you that you have been infected by a Trojan.
On other occasions, it is a flash movie that simulates the deletion of all contents on the computer’s hard disk, while a spooky skull is displayed on the screen. The website that distributes this prank offers a video with instructions to configure the movie in order to make it even more real and scary.
In reality, these are just computer virus hoaxes, as neither have you been infected by any malware nor has your hard disk been formatted. However, there is no doubt that users will be really scared to see their computer almost destroyed!
Hackers are using well-known Hollywood productions to launch Blackhat SEO attacks, that is, they exploit trending topics to place malicious websites at the top of search results when users look for certain terms in search engines. Once the user accesses the malicious website, a Trojan or fake antivirus is downloaded onto their computer.
These attacks not only exploit terror movies, but any other Halloween-related items like party invitations, etc.
Desktop Security 2010: A rogueware or fake antivirus downloaded by one of Halloween’s Blackhat SEO attacks.
Another way attackers are raising havoc these days is the massive distribution of Halloween-themed spam to trick users into giving away their personal data and buying fraudulent or illegal products, or just make money as many of these companies get revenue through pay-per-click systems.
Some tips to protect you
As always, information and taking some basic precautionary measures are the best ways to stay protected. Watch out for any attempts to trick you either through pranks in bad taste or real malware that tries to ruin your Halloween party.
These are some PandaLabs tips to prevent any of this:
- Don’t open emails or messages received on social networks from unknown senders.
- Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc.
- If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
- Do not run attached files that come from unknown sources. In particular, watch out for any files with Halloween-related names.
- Even if the page seems legitimate, but asks you to download something, you should be suspicious and don’t accept the download.
- If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
- Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page. To check that the page is secure, look for the security certificate in the form of a small yellow padlock next to the toolbar or in the bottom right-hand corner of the screen.
- Don’t use shared or public computers for making transactions or operations that require you to enter passwords or other personal details.
- Have an effective security solution installed, capable of detecting both known and new malware strains.
And finally… Have a happy Halloween!!