Samantha Geimer’s abuse and Roman Polanski’s arrest used to spread Personal Antivirus-like rogue
As controversy gets bigger, scareware gets in the spotlight.
In yesterday's post, I described the way spammers chose to advertise drugs by exploiting the reader's avid curiosity. In less than 24 hours, as I predicted, malware authors thought it would be a good idea to take their share of the entire arrest story.
Several maliciously crafted Web sites still appeared early this morning on the first result pages displayed by search engines when queried about the filmmaker's fate.

When clicked, the links automatically redirect the browser to several Web sites registered on .cn domains that host the newest member of the rogue family - Total Security Rogue, detected by BitDefender as Trojan.FakeAV.SQ.

Its behaviour is similar to its "relatives" - XP Antivirus, Antivirus 2009, AV360 or Personal Antivirus. When landing on the malware distribution Web page, the browser window is automatically minimized and a warning message simultaneously displays, notifying the user about several computer infections and the availability of Total Security.
By clicking either the OK or the Cancel button of the several pop-up windows invading the screen, the user triggers a fake movie that plays in the restored browser window.
The movie mimics an ongoing scanning process that supposedly detects malware within the system. For more credibility, the e-criminals added a "Your Info" panel on the left side of the phony My Computer Online Scan window, which displays details about the IP, Country and City of the user's machine.
Total Security Rogue modifies the registry settings, requests the user to buy/renew a license and downloads additional rogue applications. These are also responsible for the fake alerts it displays while claiming to scan an allegedly compromised system.









