'Ondoy' Now Threatens Cyberspace

After devastating several parts of the country, tropical storm "Ondoy" (Ketsana) is now threatening to wreak havoc on cyberspace as well.

Computer security firm Trend Micro said cyber-criminals are exploiting worldwide attention on "Ondoy" by sending trojan programs disguised as news updates.

“Cybercriminals heartlessly exploited the calamity that unfolded in the Philippines. They rigged multiple URLs related to this news to point unknowing users to FAKEAV. Such SEO poisoning campaigns attract users all over the Web especially those who are trying to get information about their loved ones and fellow countrymen in the Philippines," senior threat analyst Joseph Pacamarra said in Trend Micro's blog site.

Users who click the links in the supposed news sites will be redirected to several landing pages where they are asked to download an EXE file, soft_207.exe.

The file, TROJ_FAKEAV.BND, does GeoIP checks that target specific regions or locations.

But Trend Micro said the new development is that the cyber-criminals use search engine optimization, such that their sites come out on top of search results.

"Although riding on tragic events is not exactly new, what is notable is it employed once again blackhat SEO to lead users to a FAKEAV as we had previously discussed here," Trend Micro said.