Thursday, October 30, 2008

Malware and Trojans via Google search results

Last Wednesday I received a Google alert. My name, Martijn van Halen, in combination with the company where I work, Payvision, had a new Google alert. I have registered several alerts since they provide me with a way to detect what people write about me or Payvision. Always handy.

This time the alert looked like somebody wrote something about me. But when I clicked I was redirected and confronted with the Antivirus 2009 product. This product had some bad press releases lately since it's a Trojan. It pretends to be good but contains a virus itself. It's a tricky one since it states that your computer might be affected and that they have a cure.

They try to lure you into downloading and executing an exe. Our Forefront Client Security protects us from this kind of Trojan. But still, the way it uses a personal approach is very nasty. They crafted a page that would be picked up by Google and hope that you go to their site.

With Forefront Threat Management Gateway it produces the following warning:

So what do you do in such a case?


  1. First I reported the search result to Google. They removed the link from the search results the same day. Good work, Google.

  2. I pinged the URLs used to determine the IP. That IP I checked with http://www.ripe.net to find out who owns the IP or netblock, and mailed the abuse and technical contact.

  3. After that I reported the website via the Internet Explorer Phishing filter.

That's more or less all I could do. Let's hope it helps other users and that the servers or domains become inactive.
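Step 2 above, finding the abuse and technical contacts for an IP in the RIPE database, can be scripted. The following is an added example, not code from the original post: it parses a whois reply (a constructed sample using a documentation address range and example.net) and extracts the netblock, the abuse mailbox and the tech-c e-mail; `query_whois`, `parse_objects` and `contacts` are names chosen here.

```python
import re
import socket

# Constructed sample in RIPE whois (RPSL) layout; documentation range, not data from the post.
SAMPLE_REPLY = """\
% Abuse contact for '192.0.2.0 - 192.0.2.255' is 'abuse@example.net'

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-HOSTING
admin-c:        EX1-RIPE
tech-c:         EX2-RIPE

role:           Example Hosting NOC
e-mail:         noc@example.net
abuse-mailbox:  abuse@example.net
nic-hdl:        EX2-RIPE

person:         Example Admin
e-mail:         admin@example.net
nic-hdl:        EX1-RIPE
"""

def query_whois(ip, server="whois.ripe.net"):
    """Fetch the raw whois reply for an IP over TCP port 43 (needs network)."""
    with socket.create_connection((server, 43), timeout=10) as s:
        s.sendall(f"{ip}\r\n".encode())
        return b"".join(iter(lambda: s.recv(4096), b"")).decode("utf-8", "replace")

def parse_objects(reply):
    """Split a reply into objects, each a list of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", reply):
        attrs = [tuple(p.strip() for p in line.split(":", 1))
                 for line in block.splitlines()
                 if ":" in line and not line.startswith(("%", "#"))]
        if attrs:
            objects.append(attrs)
    return objects

def contacts(reply):
    """Return the netblock plus abuse and technical contact e-mail addresses."""
    objs = parse_objects(reply)
    net = next((o for o in objs if o[0][0] in ("inetnum", "inet6num")), [])
    by_handle = {dict(o).get("nic-hdl"): o for o in objs}
    abuse = set(re.findall(r"^% Abuse contact for .* is '([^']+)'", reply, re.M))
    abuse |= {v for o in objs for k, v in o if k == "abuse-mailbox"}
    tech = {v for k, h in net if k == "tech-c"
            for a, v in by_handle.get(h, []) if a == "e-mail"}
    return {"netblock": net[0][1] if net else None,
            "abuse": sorted(abuse), "tech": sorted(tech)}
```

For a live lookup, pass the output of `query_whois(ip)` to `contacts` instead of the sample.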


Let me know if you ever experienced such a thing.

