Search results poisoned with bad URLs

Apr 12, 2010 15:23 GMT  ·  By

The recent plane crash that resulted in the death of Polish President Lech Kaczyński and tens of other state officials is currently being exploited via BHSEO campaigns. Search results related to the tragedy have been poisoned with malicious links that push scareware-type computer programs.

On April 10th, 2010, a Tupolev Tu-154M plane belonging to the Polish Air Force and carrying the country's president and 96 other people crashed near the Russian city of Smolensk. The official delegation was on its way to attending the 70th anniversary ceremony of the Katyn Forest massacre.

The crash resulted in the death of all the people on board, including President Kaczynski, his wife Maria and other notable Polish state officials, such as the Polish military joint chiefs of staff, the central bank governor or the head of the National Security Office. So far, the ongoing investigation has revealed that the plane crashed and caught fire just off the runway, after clipping trees in an attempt to land during heavy fog.

As the sad news quickly spread across international news channels, search-engine traffic for keywords related to the crash exploded. Unfortunately, this also attracted the attention of cybercriminals, who rarely miss an opportunity to exploit important events like this one. "We are, by now, all too familiar with the use of items of news (real or fabricated, tragic or trivial) as a hook on which to hang SEO poisoning attacks, but here is another instance," David Harley, director of malware intelligence at antivirus vendor ESET, announced.

Related poisoned search queries were also reported by researchers from CA, who warn that, "Blackhat SEO has been taking advantage of the recent tragedy involving the death of Poland’s President Lech Kaczyński. A quick search on Google can give you websites redirecting to FakeAV related websites."

FakeAV is a family of malicious programs that scare users into paying useless license fees by displaying fake security alerts. Most of the times, the victims of such schemes also end up compromising their financial details.

To avoid this kind of threats, users are advised to read news only from reliable and tested sources. Browsing the Web with a capable and up-to-date antivirus program installed on the computer is also a must.