Whenever there is an important, worldwide sports event, malware researchers know that they can expect an outbreak of malware attacks that try to take advantage of the public’s interest. It happened with the Beijing Olympic Games and the South Africa World Cup, and will probably happen with the 2012 London Olympic Games. TROJ_FAKEAV.HUU is just one of the many online malware scams that try to take advantage of the hype and interest surrounding the UEFA European Championship 2012, the so-called Euro Cup, a European soccer championship with a rabid worldwide following.
TROJ_FAKEAV.HUU is Acquired from a Fake Euro Cup 2012 Web Page
The official website for the UEFA Euro Cup 2012 is http://www.uefa.com/uefaeuro. However, criminals set up a malicious web page that uses a similar domain (Euro2012) in order to mislead PC users into believing that it is the official UEFA web page. This website is designed to imitate the layout of the official page so that it looks as though the victim is visiting the actual UEFA page. This website hosts various malware threats, including the TROJ_FAKEAV.HUU Trojan.
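The lookalike-domain trick described above can be checked for in proxy or DNS logs by comparing each hostname against the official domain rather than searching for the brand name anywhere in the URL. The following is an added example, not code from the original article; the keyword list and all sample URLs are constructed placeholders, and only uefa.com comes from the article.

```python
from urllib.parse import urlsplit

# Official site named in the article.
OFFICIAL_DOMAINS = {"uefa.com"}
# Assumed brand keywords worth watching for in hostnames.
BRAND_KEYWORDS = ("uefa", "euro2012")

# Constructed sample URLs; example.* and .test hosts are placeholders, not real indicators.
SAMPLE_URLS = [
    "http://www.uefa.com/uefaeuro",
    "http://euro2012.example.test/tickets",
    "http://www.uefa.com.euro2012-live.example.test/uefaeuro",
    "http://news.example.org/sport/euro2012-preview",
    "http://UEFA.com./uefaeuro",
]

def hostname(url):
    """Return the lower-cased host, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def is_official(host):
    """True only if the host is the official domain or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify(url):
    """Label a URL as 'official', 'lookalike' or 'unrelated' by its hostname."""
    host = hostname(url)
    if is_official(host):
        return "official"
    # Drop hyphens so variants such as "euro-2012" still match a keyword.
    squashed = host.replace("-", "")
    if any(keyword in squashed for keyword in BRAND_KEYWORDS):
        return "lookalike"
    # Brand words in the path only (e.g. a news article) are not a domain match.
    return "unrelated"

def flag_lookalikes(urls):
    """Return the URLs whose hostname borrows the brand but is not official."""
    return [u for u in urls if classify(u) == "lookalike"]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{classify(url):10} {url}")
```

The suffix comparison in `is_official` is what separates a genuine subdomain of uefa.com from a host that merely starts with that string.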
An Overview of the TROJ_FAKEAV.HUU Attack
The TROJ_FAKEAV.HUU attack is an interesting mix of a phishing scam and a typical rogue security program scam. Basically, TROJ_FAKEAV.HUU will install a fake security program similar to rogue security software in the VirusDoctor family of malware. This fake security program will carry out the typical rogue security software scam. That is, TROJ_FAKEAV.HUU will attempt to persuade the victim that their computer is seriously infected with malware. To do so, TROJ_FAKEAV.HUU will display numerous error messages and fake virus alerts. However, trying to fix these supposed virus infections will result in error messages claiming that the victim needs to ‘upgrade’ to an expensive and useless full version of this fake security program.
The registration page for this fake anti-virus is actually a phishing website which will try to save the victim’s personal data, including their name, billing address, and credit card details. This data can then be used to steal the victim’s identity, steal their money and max out their credit card. To avoid falling for the TROJ_FAKEAV.HUU scam, it helps to know how to differentiate a rogue security program from the real thing:
- Rogue security programs will usually be installed without your authorization.
- They will claim that your computer system is severely infected but will provide few, if any, details.
- They will never be able to fix these supposed malware infections.
- They will always prompt you aggressively to purchase a ‘full version’ through the use of constant, irritating error messages and browser redirects.
- They will be difficult, if not impossible, to remove through normal means.
How Can You Detect TROJ_FAKEAV.HUU?