14 DAY TRIAL // Security researchers from GFI Sunbelt warn that users who searched for the open source Firefox browser on Bing recently, might have ended up on a website pushing adware.
Unlike the regular BHSEO campaigns, this malicious result which directed users to a rogue site called fire10fox.com, appeared at the top of search results because it was sponsored.
The site was well designed and attempted to trick users into downloading several adware components called Hotbar, ShipperReports, blinkx Beat and QueryExplorer.
The site advertised a new Firefox version, but when clicking the download button, visitors were taken to a secondary page, which claimed that a "Hotbar offer engine" was required to access the download.
"Download the Hotbar offer engine for access to premium content. Based on keywords from your browsing, the Hotbar offer engine will show you labeled advertising in a separate browser window or a temporary slider. If selected, ShopperReports will provide you with companion shopping offers in a sidebar and QueryExplorer will provide address bar search," the page read.
Of course, most people who use Firefox, would hopefully be aware that the browser is completely free and no additional software packages are required to obtain it, but the incident stands to show that cybercriminals are also abusing other search engines except Google. According to Sunbelt, who's VIPRE product detects the Hotbar as Trojan.HTML.FakeAlert.e, the website was still active this morning.
It has since been taken offline, but it is still available in Google's cache and it offers Firefox 3.6.8. This version was released on 23 July, suggesting that this scam might have been around for a significant period of time.
In related news, users are complaining that ZoneAlarm might be using unethical, if not scareware-like advertising tactics to push their antivirus product.
Some of these methods involve showing that anti-malware solutions from other vendors don't detect a malicious sample, while its own product does, and displaying warnings that suggest computers are infected with malware, when in fact they aren't.