Posted by: Robert Westervelt
Rogue Antivirus, SEO attacks
A search for “Mel Gibson tapes” yields plenty of poisoned webpages, according to TrendLabs researchers.
People searching for information related to the Mel Gibson controversy will get a startling number of SEO-poisoned webpages in return. To make matters worse, clicking on some of the bad results brings users to a dangerous website that prompts them with a phony Adobe Flash Player installer.
Searches related to Mel Gibson’s alleged telephone rants at his ex-wife have increased steadily since the news surfaced last week. So it’s not surprising that Black Hat SEO tactics would be used to target people searching for the tapes.
Researchers at TrendLabs said that while some pages resulted in fake malware infection warnings, others showed the fake Adobe Flash Player installer window. Clicking on the link will result in downloading fake antivirus and other malware.
“The page may trick the user into thinking that the link that they’ve clicked leads to a video, and that they need to install Adobe Flash Player to view it,” wrote Norman Ingal, a TrendLabs threat response engineer.
Ingal said the fake installer was very convincing, with a URL that looks like it comes from an Adobe-related site. The researchers are noting a trend in which SEO poisoning attacks are deployed in searches other than popular news items and warned users to be careful when conducting searches. Not surprisingly, Trend also found a number of SEO-poisoned results leading to fake YouTube pages.
Back in April, TrendLabs engineers wrote about a new attack that uses a fake Adobe update to install a Trojan on victims’ machines. It can be used to steal credentials and other sensitive data from victims’ machines. Last December, researchers at antivirus vendor F-Secure documented SEO poisoning attacks attempting to target people searching for the Tiger Woods controversy.
There are two reasons why we’re seeing so many of these, according to F-Secure: they’re automated, making them easy to pull off in large numbers, and they work.
One way to ensure better results: Use Google’s secure search (https://www.google.com). Search requests go through an encrypted SSL connection and yield safer results.