Posted by: Robert Westervelt
SEO attacks; rogue antivirus
Popular search term exploited to funnel users to a rogue search engine. A variety of tactics continue to prey on search engine users.
According to TrendLabs’ JM Hipolito:
As of now, the cybercriminals’ goal in all this seems to be hijacking search traffic from search engines, and redirect them into their own search engine to earn them money. If it stays as such is not yet known, but users need to be wary, since it would be very easy for cybercriminals to change the final landing site of the redirections to a malware-hosting site.
We recently wrote about popular search terms being optimized by cybercriminals to ensure their attack websites are highly visiible in search results. Some are less nefarious and try to get as many users as they can to view their ad riddled sites. Others host malware and rogue antivirus programs.
A popular search for Tiger Woods in December resulted in a number of malicious sites hosting rogueware. In the case of “free printable,” Trend said the term is a highly popular phrase in South Africa and the United States.
Users of Internet Explorer can be tricked easily since the programs are designed to look like a Windows Security alert followed by a fake scan and instructions to download a program to remove malware. Sometimes victims are asked to pay a fee for the fake antivirus, other times they are duped into downloading the program, riddled with malicious programs.
At the time Sean Sullivan of F-Secure urged people to search for topical items on Google News rather than Google’s main search engine. Many legitimate news sites have Web admin teams protecting them, he said.
Security researchers warned last June that cybercriminals were attempting to exploit the Michael Jackson and Farrah Fawcett deaths. Poisoned search engine results sent users to a variety of malicious sites, many leading to bogus antivirus downloads.