20,000 search results redirected

Mar 6, 2008 17:11 GMT

If you were thinking about searching for TorrentReactor and ZDNet Asia via Google, think again, or plainly don't do it: anti-virus firm F-Secure noticed something mighty weird and mighty wrong going on with the results. Taking advantage of the fact that the previously mentioned sites cache the queries typed into their search boxes, and that those terms are later indexed by Google, cyber criminals simply searched for infected sites on the two sites and the job was done. It was as easy as typing popular search terms into a popular website along with the text of an IFRAME that points to malicious websites, Dan Goodin wrote for The Register.
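The flaw described above, as an added example that is not code from either site or from F-Secure: a search page that echoes the cached query as raw markup, beside an escaped version, plus a check that flags already-cached queries for purging and de-indexing. It assumes the sites reflected the query without escaping; the function names, the tag list and the sample queries (with the placeholder host example.invalid) are constructed for illustration.

```python
import html
import re

# Constructed sample of cached search queries; example.invalid is a placeholder host.
CACHED_QUERIES = [
    "ubuntu 7.10 iso",
    'free ringtones <iframe src="//example.invalid/x" width=1 height=1></iframe>',
    "FREE RINGTONES <IFRAME SRC=//example.invalid/y>",
    "c++ templates <vector>",
    "how to compare a < b in bash",
]

# Tags that embed or execute third-party content and have no place in a search term.
ACTIVE_TAG = re.compile(r"<\s*/?\s*(iframe|script|object|embed|frame|meta|link)\b", re.I)


def render_vulnerable(query: str) -> str:
    """The assumed flaw: the query is echoed into the page as raw markup."""
    return f"<h1>Search results for {query}</h1>"


def render_hardened(query: str) -> str:
    """Escape on output, so the browser shows the tag as text instead of loading it."""
    return f"<h1>Search results for {html.escape(query, quote=True)}</h1>"


def robots_meta(query: str) -> str:
    """Keep cached pages for suspicious queries out of search-engine indexes."""
    return "noindex, nofollow" if ACTIVE_TAG.search(query) else "index, follow"


def audit_cache(queries):
    """Return the already-cached queries that carry active markup, for purging."""
    return [q for q in queries if ACTIVE_TAG.search(q)]


if __name__ == "__main__":
    for q in audit_cache(CACHED_QUERIES):
        print("purge:", q)
        print("  raw page :", render_vulnerable(q))
        print("  escaped  :", render_hardened(q))
        print("  robots   :", robots_meta(q))
```

Escaping on output is the actual fix; the tag check only decides what to purge from the cache and what to keep out of search indexes, and legitimate queries such as `<vector>` still render correctly.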

Google is trying hard to protect its users from falling for these schemes and usually posts a message when a link found via its search engine points to a dangerous website, but it will have a difficult time fighting this wave of search results doing the nasty with the users' computers.

The infected sites that users are redirected to try to install malicious programs with very credible names, such as XP Antivirus 208 or Spy Shredder Scanner. To be honest, if I ever saw something threatening to shred anything, I'd go for it headfirst, but then again, installing software that doesn't have a well-known author signing it or that you've never heard of before doesn't pay. The respective sites are associated with the Russian Business Network, according to F-Secure.

Cyber criminals must have learned by now that if you don't want to do the time associated with the crime, covering your tracks is most useful. Should you try to type the URL of the infected web page directly, you'd get an error message saying that the site isn't available. And it really isn't, unless it sees that it is being accessed via a link from Google or another popular search engine, which makes it nigh untraceable.