Easter and Ford Search Results Poisoned

Blackhat SEO used to promote websites serving fake anti-virus software

By Lucian Constantin, Web News Editor

14th of April 2009, 13:09 GMT

Black SEO techniques used to target people interested in Easter and Ford
Security researchers warn that malware distributors are exploiting people's interest in the Easter holiday and, apparently, the Ford Motor Company in order to push malware. Search engine results for keywords related to the two were poisoned with pages that pushed rogue security programs.

Promoting malicious websites by littering their pages with certain keywords so that they appear higher in search results is an increasingly popular practice. These techniques are known as blackhat search engine optimization (SEO) and are usually combined with other tools, such as Google Trends, which cybercrooks use to get an accurate insight into what people are most actively looking for on the web during a certain period of time.

"Easter, like any other holiday, will not pass without cybercriminals attempting to exploit the occasion for their own malicious operations," Jake Soriano, technical communications specialist at Trend Micro, warns.

According to an investigation by Paul Ferguson, advanced threats researcher at Trend, known Russian and Ukrainian cybercriminal organizations are behind most of the Easter-related blackhat SEO campaigns. While this holiday has already begun for Catholics and most Western Christians, it has yet to start for Eastern Christians, including those in the countries mentioned above.

The malicious websites scoring high in search results contain JavaScript code, which redirects users to other locations where a rogue anti-virus program, detected by Trend as TROJ_FAKEAV.BAF, is being downloaded.

Meanwhile, security researchers from Panda Security warn of a similar campaign targeting people looking for the Ford Motor Company. The analysts have been able to identify a staggering one million such malicious links.

"This case is especially interesting because it’s one of the few SEO attacks that we have seen targeting a single, specific brand," Sean-Paul Correll, one of Panda's specialists in threat surveillance and emerging threats, notes.

The rogue pages used in this attack ask users to download and install an alleged video codec called softwarefortubeview.40030.exe, which is, in fact, MS AntiSpyware 2009, a well-known scareware-type application. Another file being served to unsuspecting users is called AntiVirusInstaller.exe and is being detected by Panda products as Adware/Anti-Virus-1.

We recently reported that malware distributors had employed similar tactics during the pre- and post-April 1st hype surrounding the Conficker worm and during the February Gmail downtime.

© Copyright 2001-2009 Softpedia
User opinions:


Comment #1 by: Matt on 16 Apr 2009, 19:35 GMT

They really need to make a cure for the MS AntiVirus fake program because it will not even show my desktop! When I delete all my viruses in my real antivirus program, it won't even detect the MS virus. Is there any way to get rid of it???

Comment #1.1 by: Lucian Constantin on 17 Apr 2009, 07:12 GMT

Most reputed anti-virus programs should be able to remove scareware applications (what MS AntiVirus is). However, any security professional will tell you that if you are going to run a scan on an already infected computer, you should do so in Safe Mode.

To get into Safe Mode, keep tapping on the F8 key right after the POST message (before Windows starts loading). This should bring up a text menu with different options. Choose Safe Mode at that screen and Windows will boot into a limited environment. Don't worry about the poor screen resolution and don't attempt to change it, as that's how it is supposed to be.

You will have to start your anti-virus program manually, even if you had it set to automatically start on reboot (default behavior). Since you have not mentioned what your "real anti-virus program" is, I will assume it is one that can remove this threat. If not, uninstall it temporarily, and get a free, fully working, 30-day trial version from a reputed vendor (Kaspersky, ESET, Symantec, McAfee, Sophos, Avira, etc.) just for this task, but first try with the one you already have installed.

Make sure the anti-virus is updated with the latest definition files. You might have problems doing this in normal mode, as your infections might mess with the process. In this case you can attempt to do it in "Safe Mode (with networking)" or download the definitions manually and install them in Safe Mode.

Good luck and hope my input helps.
