Security Bytes

Jul 15 2010   12:58PM GMT

Poisoned Mel Gibson search results yield fake Adobe Flash installer

Robert Westervelt

A search for “Mel Gibson tapes” yields plenty of poisoned webpages, according to TrendLabs researchers.

People searching for information related to the Mel Gibson controversy will get a startling number of SEO poisoned webpages in return. To make matters worse, clicking on some of the bad results brings users to a dangerous website, prompting them with a phony Adobe Flash Player installer.

Searches related to Mel Gibson’s alleged telephone rants at his ex-wife have increased steadily since the news surfaced last week. So it’s not surprising that Black Hat SEO tactics would be used to target people searching for the tapes.

Researchers at TrendLabs said that while some pages resulted in fake malware infection warnings, others showed the fake Adobe Flash Player installer window. Clicking on the link will result in downloading fake antivirus and other malware.

“The page may trick the user into thinking that the link that they’ve clicked leads to a video, and that they need to install Adobe Flash Player to view it,” wrote Norman Ingal, a TrendLabs threat response engineer.

Ingal said the fake installer was very convincing with a URL that looks like it comes from an Adobe-related site. The researchers are noting a trend in which SEO poisoning attacks are deployed in searches other than popular news items and warned users to be careful when conducting searches. Not surprisingly, Trend also found a number of SEO poisoned results leading to fake YouTube pages.

Back in April, TrendLabs engineers wrote about a new attack that uses a fake Adobe update to install a Trojan on victims’ machines. It can be used to steal credentials and other sensitive data from victims’ machines. Last December, researchers at antivirus vendor F-Secure documented SEO poisoning attacks attempting to target people searching for the Tiger Woods controversy.

There are two reasons why we’re seeing so many of these, according to F-Secure: they’re automated, making them easy to pull off in large numbers, and they work.

One way to ensure better results: Use Google’s secure search (https://www.google.com). Search requests go through an encrypted SSL connection and yield safer results.
