Security researchers warn that search results for a new controversial TV commercial featuring Tiger Woods have been poisoned with malicious links. The scareware distributed via this black hat search engine optimization (BHSEO) campaign has a very low AV detection rate.
In the wake of the 2010 Masters Golf Tournament, which saw Tiger Woods' anticipated return on the field, Nike launched an emotional TV ad featuring the golf superstar being questioned by the voice of his late father in regard to the cheating scandal he was involved in.
Described as distasteful or downright creepy by some critics, one thing's for sure - the commercial peaked the interest of a lot of people, which is what Nike probably hoped to achieve in the first place. However, the heated Internet forums and blog discussions regarding the ad have pushed it as a trending topic in Google Search.
As with all events that generate a fair amount of Internet traffic, cybercrooks have jumped at the occasion to spread some more malware by poisoning related search results. "A user looking to see the commercial online would likely search 'tiger woods commercial' – the search is heavily poisoned. Out of the top 7 search results, six lead to Fake Anti-Virus pages begging the user to install malicious software," warns Lee Graves, threat communications specialist at eSoft.
Fake antivirus programs, collectively known as scareware or rogueware, attempt to trick users into paying useless license fees by displaying bogus security alerts. Users who fall for such scams also compromise their financial details in the process, exposing themselves to further fraud.
The scareware variant distributed via this BHSEO campaign is not being detected by many top antivirus solutions, according to eSoft, which develops its own Web filtering solution. And it's not just the Tiger Woods Nike commercial that users should be careful about, but also searches related to the Masters itself, as the event has been targeted in a similar fashion.