Search engines are losing their credibility by offering links to compromised locations

Sep 19, 2011 14:48 GMT

Google Alerts members who want to be informed about Trojans get a lot more than they bargained for, as they receive links with real threats just waiting to be accessed by unsuspecting victims.

After the Bing and Yahoo search engines blew it by advertising malware-laden websites, it's Google's turn to send customers links to virus-laden pages.

John Barrett from CleanBytes set up his Google Alerts account to send him updates on anything related to Trojans, and yesterday he received a link that apparently came from WCBI.

After clicking on it, he was directed to a page that resembled a Megaupload site. The page is actually a fake, and if the download button is pressed, an odd-looking file called 2_setup.exe, which is supposed to contain a Trojan anti-virus, is offered.

Upon submission to VirusTotal, the results revealed that the “innocent”-looking file was a ZeroAccess Trojan in disguise.

Malicious software of this type is among the most dangerous, as it is able to hide itself deep in the operating system, infecting the master boot record if not stopped in time.

In this case, it seems that the WCBI website was hacked and, according to Barrett, “again we have to deal with another Google search results poisoning.”

Just like all search engines, Google should enable some sort of filtering mechanism to make sure that no malicious content is given to subscribers or visitors.

As in the previous scenario, when Bing and Yahoo served their users malware through advertisements, this time we'll keep an eye on Google to see if it removes the compromised address from its indexes.

It's been a few days now and the corrupt wcbi.com address still redirects us to the dangerous location. Our trusty Nod32 application blocks the page, as it detects it as being contaminated, but when performing a simple search for “wcbi.com Free download anti virus trojan”, the site appears proudly on top of anything else.