Without a doubt, the terrifying catastrophe of Air France Flight 447 has been among the top news headlines throughout the world. And even though the tragedy has not yet been resolved and many questions are left unanswered, cyber criminals are successfully using this issue in their malicious schemes. This time they are exploiting users' curiosity to find more information about the tragedy on search engines. Watch out because cyber criminals will use this opportunity to drop TROJ_YEKTEL.AA onto your PC then an installation prompt will be displayed for the fake Personal Antivirus.

How does the whole malicious attack take place? And what should you be aware of? Just imagine, you go to google.com and enter certain keywords related to the Air France Flight 447 crash, just to find some new useful information. You do nothing wrong - you don't open any unknown attachment or read suspicious messages. But even in this case cyber criminals can trick you. Through the use of a SEO (search engine optimization) poisoning attack, searches for crash related information can lead you to links that when opened can navigate you to various suspicious sites. This attack ultimately ends in the download of rogue antivirus software.

This fake antivirus software is downloaded by the executable file called Install_2022.exe. The malicious executable is also detected as TROJ_FAKEAV.BIM and has no other known alias names. When executed, TROJ_FAKEAV.BIM connects to a certain URL, downloads a file and renames it when stored in the affected system. The downloaded file is saved as TROJ_YEKTEL.AA.

When executed, TROJ_YEKTEL.AA - also known as TrojanDownloader:Win32/Yektel.A, Generic Downloader.z, Packed.Generic.187 - prompts potential victims to download a purportedly necessary antivirus software called Personal Antivirus. As is the case with a majority of rogue software, as soon as you install this program, a message about the whole bunch of supposedly detected malware will be displayed. Keep in mind that all this malware is fake and the only aim of hackers in this case is to scare unaware users into purchasing a copy of the full version of Personal Antivirus.

Therefore, stay extremely alert if you don't want your computer to be infected with malware and fake antivirus software. Always remember that the most recent important worldwide news - both tragedies and happy events - attract not only yours but cyber criminals' attention as well. The more serious and important the news event, the more chances it will be used by hackers for malicious activities.

said by MrBrightSide :

I'd much rather have loud fake antivirus infections than stealthy silent rootkits that hide in the background stealin' all your passwords without advertising their presence to you.