May 12, 2011 17:01 GMT

A Google Images black hat SEO campaign that distributes scareware to both Windows and Mac OS X users has managed to capture 300 million hits.

Black hat search engine optimization (BHSEO) campaigns poison search results for popular keywords with malicious links or, in this case, images.

They work by leveraging the search ranking of compromised legitimate websites to push spam pages up in search results for particular terms.

According to security researchers from Trend Micro who analyzed this campaign, attackers used stolen FTP accounts to upload keyword-laden pages onto legitimate websites.

These pages appear to have legitimate content when Google's crawlers index them, but redirect real users to scareware pages.

"To date, we were able to identify 4,586 compromised servers that have connected to the blackhat SEO command server to retrieve updated redirection scripts," the Trend researchers write.

The most interesting aspect of this campaign is that it targeted both Windows and Mac users through specially designed pages and fake antivirus programs.

Mac users got redirected to pages mimicking the Mac OS X interface and displaying a fake antivirus scan with infection warnings. The rogue security product distributed by these pages is called "Apple Security Center" and is designed to look and feel like a Mac application.

As usual, the goal of this application is to scare users into thinking they have a security problem and into buying a useless license to fix it. Meanwhile, Windows users got redirected to both scareware pages and drive-by download pages that use the Black Hole Exploit pack.

Trend Micro researchers obtained access to the command and control server of this campaign and found out that it redirected a total of 296,413,984 hits from 113,454,246 unique visitors.