Fake Antivirus Delivered to Users in the US via Fiesta Exploit Kit


Karamjit

Scareware tactics used to generate fake license purchases

The operators of Fiesta exploit kit have switched the payload delivered to users with outdated browser plug-ins from crypto-malware to fake antivirus software, an old type of threat that runs a bogus scan and tricks users into purchasing the product to get rid of the infections.

The counterfeit product is promoted as "Antivirus Pro 2015" and it disables some Windows tools and software that could be used to deactivate it, such as Task Manager, Process Explorer, and Internet Explorer.

Most infections recorded in the US, Japan and Australia

Researchers at Trend Micro found that the new payload started to be distributed after March 19, a switch from spreading the crypto-malware TeslaCrypt, which deletes shadow copies and encrypts mostly files used by popular game titles.

The games affected by TeslaCrypt include Call of Duty, StarCraft 2, Minecraft, Half-Life 2, The Elder Scrolls (Skyrim-related files), WarCraft 3, Assassin’s Creed, World of Warcraft, League of Legends, and World of Tanks.

The reason for changing the payload to Antivirus Pro 2015 is not known, but exploit kits are often employed for dispensing different threats.

According to telemetry data from Trend Micro, the country most targeted by Fiesta operators during the month of March is the United States, accounting for more than a third (36.9%) of the total infections recorded. The next two countries impacted are Japan (15.73%) and Australia (11.9%).

Keeping software updated lowers the risk of infection

Antivirus Pro 2015 relies on scareware tactics and displays multiple security warnings to the victim, promising to clean the system of all alleged threats if a 1 or 3-year license of the product is purchased (some versions of the threat ask for at least $64 / €60).

On the online payment page, users have to provide the card data, which may be collected for fraudulent purchases in the future.

The false anti-malware program is detected by multiple genuine antivirus products, including the free versions, and the general recommendation is to have them up-to-date.

The Fiesta browser-based attack tool includes exploits for vulnerabilities in outdated versions of Adobe Flash Player, Internet Explorer, Silverlight and Adobe Reader. Having the latest versions of these products installed is a good way to protect against drive-by attacks.

From: http://news.softpedia.com/news/Fake-Antivirus-Delivered-to-Users-in-the-US-via-Fiesta-Exploit-Kit-478933.shtml
