CA is warning Internet users searching for the perfect pumpkin pie recipe or turkey-cooking directions to be on high alert for the latest batch of socially engineered malware traps.
In a new blog posting, CA (NASDAQ: CA) security team members this week have identified numerous malicious Thanksgiving-related links designed to ferret out personal data from link-happy holiday revelers.
“It may not be Thanksgiving Day yet, however malware authors are prepared in advance to lure in unsuspecting Internet users into a malware recipe for disaster,” CA officials wrote in the post. The new attacks are “owing to the growing trend of search engine optimization-related social engineering attacks gaining popularity recently with the holidays and the latest celebrity news headlines.”
The Thanksgiving-themed scams follow a rash of similar attacks targeting people looking for the latest information on celebrity deaths, nude pictures and even popular online games.
After Googling a variety of Thanksgiving terms and recipes, CA said users are directed to an intermediate page while various Web page re-directs are observed in the browser.
After a few seconds, a bogus scanner page shows up warning the user that their machine is infected by viruses. Clicking anywhere on the dialog box results in the download of a file “install.exe” which security officials have identified as just another example of a phony antivirus software application.
If the file “install.exe” is allowed to run on a machine, a rogue security product called “Security Tool” is installed on a user’s machine that further scares users with fake infection warnings and pesters them into paying money for fake protection.
“As always, we recommend that you exercise extreme caution while surfing the Internet and in downloading files, and that you always keep your CA Security Products updated with the latest signatures,” CA security officials said.