Blackhat SEO Poisoning: “Djia Finance” Searches Lead to BlackHole 2.0

The malware is detected by only a small number of antivirus products

By on November 13th, 2012 09:37 GMT

Experts have discovered that cybercriminals are using blackhat SEO poisoning to trick users into visiting websites that use the BlackHole Exploit Kit 2.0 to serve malware.

AegisLab researchers have found that Google searches for “djia finance” bring up a website that hosts a malicious PHP file (www.hv20.com/payroll/djia-finance.php).

A script on this page attempts to download a malware-containing PDF file that’s currently detected by only 3 of the 44 antivirus engines on VirusTotal.

After analyzing the download site, experts have determined that it actually hosts the BlackHole Exploit Kit 2.0.

The most worrying fact is that Google is not warning users about this particular search result and, at the time of writing, it still showed up on the second page.

Hopefully, antivirus companies will rush to add the signature of this particular malware to their databases. Until then, users are advised to be careful about which sites they visit.
Google searches for "djia finance" lead to BlackHole Exploit Kit 2.0