'Paranormal Activity 2' and 'Friday the 13th' Used in Blackhat SEO Malware Attacks, According to PandaLabs

Cloud Security Company uncovers top tricks used by cybercriminals this Halloween

Oct 29, 2010, 08:30 ET from PandaLabs

ORLANDO, Fla., Oct. 29 /PRNewswire/ -- PandaLabs, Panda Security's anti-malware laboratory, advises computer users to be careful this Halloween as they may be in for a trick thanks to malicious applications, fake websites, spam and Trojans disguised as Halloween treats by cybercriminals. Hackers are taking advantage of popular Hollywood scary movies, such as "Paranormal Activity 2" and "Friday the 13th," to implement Blackhat SEO attacks that target unsuspecting online users through search results. As the Halloween season ramps up, Blackhat SEO, scareware and spam incidents, using both old 'rising from the dead' and new seasonal tactics, have intensified.

In a Blackhat SEO attack, cybercriminals place links to malicious sites in the search results for popular terms, in this case the latest scary movies to arrive in theaters or party invitations for the Halloween season. Once users click on the link and access the site, they become vulnerable to infection by Trojans and other malware, which often come in the form of a fake antivirus program or rogueware, such as "Desktop Security 2010."

Pictures of Blackhat SEO and rogueware can be found here:



Unlike Blackhat SEO attacks, which are truly malicious, Halloween-branded hoaxes look harmful but are little more than annoying pranks containing no Trojans or malware. Users downloading and installing these files will see a series of messages informing them that they have been infected by a Trojan or display a flash video simulating a wipe of the computer's hard drive. A quick scan with a good anti-malware program such as Panda's free Cloud Antivirus will reassure users that no such infection has taken place.

Pictures of such scareware attacks can be found here:




Halloween-themed phishing attacks, another popular tactic among cybercriminals, attempt to trick users into giving away personal data; buying fraudulent or illegal products; or simply clicking a link, which earns the criminals money through pay-per-click systems. Here's what a typical Halloween scam email might look like: http://www.flickr.com/photos/panda_security/5117333662/.

Tips to Stay Safe Online this Halloween

Common sense and an antivirus program will go a long way in keeping users safe online this Halloween, but PandaLabs has some extra tips to ensure a Halloween that's all treats and no tricks:  

  • Only open emails or social network messages from trusted sources.
  • Type URLs directly into the browser – do not click any links included in email messages, social networks or messaging applications – even if they come from a reliable source.
  • Do not download or run files that come from unknown sources – especially .exe files with Halloween-related names.
  • Check that each page you visit is secure – look for the security certificate, usually a small yellow padlock, next to the toolbar or in the bottom right corner of the screen.
  • Be wary of any unwanted downloads, even on legitimate sites.
  • Make online purchases from sites with a solid reputation and secure, encrypted transactions, and never on a public computer.
  • Install an effective security solution such as Panda Cloud Antivirus and keep it updated to detect the most recent threats.

For the latest updates on Halloween malware and scareware please visit the PandaLabs Blog at http://pandalabs.pandasecurity.com/malware-spreading-via-halloween-related-keywords/.

A Happy and Safe Halloween from Panda Security!

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of Collective Intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4 percent of malware detected by PandaLabs is analyzed through this system of Collective Intelligence. This is complemented through the effort of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com. Follow Panda on Twitter: http://twitter.com/Panda_Security and Facebook: http://www.facebook.com/PandaUSA

SOURCE PandaLabs