Yet again, we have a legitimate website with a significant user base being used as a catalyst for attack. Combine that with an abysmal detection rate on the malicious payloads by desktop AV, the first and often only line of client side defense for many enterprises, and we have a potent attack that has no doubt affected many end users.

Another example of a prominent, high traffic web site that has been hijacked to deliver malware to anyone browsing the site.

The cat and mouse game between Fake AV and the security researchers will probably keep going on for a long time. Since the attackers keep modifying their content, malicious HTML, JavaScript and executables, Zscaler has to keep monitoring the changes in order to protect their customers given this rapidly-evolving threat.

A quick look into the evolving nature of fake AV attacks, and the continual work that goes in to keeping up to date with the attackers.

Attackers often try to target popular events and the WorldFest is a valuable target with the event beginning on April 8^th. This site will surely get plenty of traffic given that this is a popular film festival.

Another example of how attackers use legitimate web sites to deliver malware to unsuspecting visitors.