14 DAY TRIAL // Security researchers warn that Google Image searches for president Obama's birth certificate have been poisoned with malicious links that lead users to scareware.
This new black hat SEO campaign was prompted by the White House's decision to release President Barack Obama's long-form birth certificate in order to put to rest the controversy surrounding his birthplace.
The president previously released a standard short variant of the document, which lacked some details, like the name of the exact hospital where he was born in Hawaii.
News of the extended version being released has led to a lot of Google Image searches for "Obama birth certificate," which in turn provided a good opportunity for attackers.
Security researchers from GFI Software warn that links leading users to drive-by download attacks have made their way on the first page of results returned for the aforementioned keywords.
The malicious pages load an exploit for a known Java vulnerability. If successful, the attacks result in the installation of a scareware application called "Security Shield" on the victims' computers.
The fake antivirus program currently has a very low detection rate according to an Virus Total scan, but it isn't the only malicious application distributed as part of this campaign.
According to Christopher Boyd, a senior security researcher at GFI, other results distribute a well known rogue AV program called XP Anti-Spyware 2011.
"Big news stories will always result in a wave of Rogue AV in both regular search and image links, so be careful where you click (as much as you possibly can, at any rate)," the security expert advises.
Scareware applications are among the most common and most profitable threats on the Internet today. Cyber criminal gangs distribute scareware through black hat SEO in order to fund other illegal activities.