Halloween is just around the corner, and, as expected, malware authors have already concocted a brew of early scares: blackhat SEO, fake Adobe Flash notification, and a malicious file download.
We start with the search term "halloween skeleton templates," which brings up a poisoned search result. The link redirects users to what appears to be a fake YouTube site.
The fake YouTube site uses nude images of celebrities like Emma Watson and Paris Hilton as a ploy. These, along with salacious captions, are meant to entice users into playing the apparent video. When users click any of the links on the page, they are prompted to update Adobe Flash Player.
Users who fall for the trick are prompted to download a malicious file called scandsk.exe, identified by 15/43 VirusTotal engines.
Websense Web Security customers are protected against this attack through our Advanced Classification Engine.