The poisoning is part of a larger black hat SEO campaign

Sep 2, 2009 10:37 GMT

Security experts warn that searching for information about the bushfires currently gaining ground in California is likely to lead to malicious Web pages that attempt to infect visitors with malware. This attack seems to be part of a larger campaign that poisons search results for multiple current news topics.

Security researchers from antivirus vendor Sunbelt warn that searching for "Altadenablog," a popular news source for people living in Altadena, is returning a lot of malicious links. Altadena is one of the Californian locations currently affected by the wildfires.

"Altadena Fire Hottest Info" is also a search string that has been hijacked, with many of the pages returned distributing a trojan downloader called CodecPack.2GCash.Gen. "They use switching terminal sites as they are the urls not seen in transmissions that can remain static for days but rotating to the newer 2GCash Fake Codec sites," Patrick Jordan, senior spyware research analyst at Sunbelt, explains.

Meanwhile, researchers from CA are also reporting poisoned search results related to the southern Californian wildfires. What is interesting about their report is that the malware being distributed includes a trojan for Mac OS X, called Jahlav or MyCinema, and a rogue antivirus program called Smart Virus Eliminator.

The CA investigation was the result of a report from a user looking for maps of the Station Fire in Los Angeles. "Immediately, we searched and verified this report, and surprisingly it was the #1 hit out of millions of pages in Google’s search results, while for Yahoo, it was the 4th hit," the company's experts note.

A report from antivirus vendor Panda Security links some of these attacks to a much larger scareware distribution campaign that leverages other hot news subjects as well. "The Rogueware campaign we blogged about last week turned into a full blown BHSEO attack targeting relevant news topics such as, the California wildfires, Ted Kennedy’s death, DJ AM’s death, Mega Millions Lottery, Hurricane Danny, UFC 102, CNN and BBC breaking news among thousands of search terms and 123,000 links," it reads.

As always, users are advised to get their news only from trusted sources and avoid clicking on search results if they do not recognize the domain names they point to. Having a solid and up-to-date antivirus solution installed is also a must when it comes to staying clear of such threats.