Web surfers in search of news of California wildfires are being served up Trojan downloaders from malicious sites taking advantage of the high news profile of the situation.
Steve Bass, who is near Altadena, Calif., sent us a note:
“We’ve discovered that if you conduct an “Altadenablog” search on Google right now, it will point you to several sites that will try to load malware on your computer. It’s pretty insidious — it will not allow you to surf away nor shut off the browser unless you click the “Yes” button on the “Download antivirus software now!” box. We have a Mac and know a few hacker tricks to shut down a recalcitrant browser, but others might not be so lucky.”
Another dangerous search string is: “Altadena Fire Hottest Info,” Steve said.
In another email he wrote: “As you know, we’re in the thick of it. No danger right now, but street is smoky.”
Patrick Jordan followed up with some research.
“This is one of the groups of sites which is changed every day and the Trojan downloader is the Trojan-Downloader.Win32.CodecPack.2GCash.Gen.
“They use switching terminal sites as they are the URLs not seen in transmissions that can remain static for days but rotating to the newer 2GCash Fake Codec sites.”
Thanks to Steve Bass