Searching for info about her new husband is similarly dangerous

Aug 3, 2010 13:19 GMT  ·  By

Security researchers warn that an ongoing black hat search engine optimization (BHSEO) campaign has poisoned search results related to Chelsea Clinton with links leading to scareware scams. Searching for information about her new husband, Marc Mezvinsky, carries similar risks.

Chelsea Clinton is the daughter of former United States President Bill Clinton and current Secretary of State Hillary Rodham Clinton. This past Saturday, Chelsea Clinton married investment banker Marc Mezvinsky, and the event received significant media attention.

Since cyber crooks never miss a chance to piggyback on subjects that attract a lot of interest from the general public, Web search results related to the Mezvinsky-Clinton wedding were poisoned with malicious links. It seems that Chelsea Clinton's name, combined with keywords like fiance, pictures, husband or wedding costs, has been targeted via what are known as black hat search engine optimization techniques.

According to researchers from Panda Security, visiting the malicious links associated with this BHSEO campaign leads users to websites displaying fake antivirus scans and security alerts. Such rogue pages are part of scams that attempt to trick users into installing scareware on their computers.

Scareware refers to malicious programs that, most of the time, pose as legitimate security products. Their purpose is to scare users into paying unnecessary license fees to clean supposed malware infections that never existed in the first place.

From our own testing we determined that search results related to Marc Mezvinsky or even his father, former United States Congressman Edward Mezvinsky, can also lead to malicious Web pages. However, this seems to be a different campaign employing the recently reported Mozilla Firefox What's New page trick.

In this scam, users are taken to a clone of the page normally displayed right after a successful Mozilla Firefox upgrade. This is known as the Firefox “whatsnew” page and is also used to inform users about outdated Flash plug-in versions. Cyber criminals are exploiting this to pass scareware off as a Flash Player update.

You can follow the editor on Twitter @lconstantin