14 DAY TRIAL // Security researchers warn that search results for this year's Oscars winners are riddled with malicious links leading to scareware. This comes after search results for the award ceremony's date and time were heavily poisoned yesterday.
An online battle for who gets to profit from Oscars-related news the most by infecting unsuspecting users with malware has began even since the nominations. About a month ago we reported a black hat search engine optimization campaign targeting rumors of George Clooney being the favorite for this year's Best Actor award.
Such campaigns continued throughout this period culminating on the eve of the ceremony when according to Vietnamese security vendor Bach Khoa Internetwork Security (Bkis) search results for "Oscars 2010 time" had a great chance of leading to malware. "Computer users [...] should be cautious when searching for the information on the event, you would possibly be led to fake AV websites," they warn.
The unfortunate users who click on the malicious links are taken through a series of redirects for the purpose of determining the operating system on their computers. Depending on the result of this check, a fake antivirus scan window specifically themed to mimic the OS is displayed in the browser.
But even with the event now behind us, the scareware pushers are as determined as always, Sophos warns. "Internet users searching for phrases like 'Oscars 2010 winners' may be putting the security of their computers at risk today, as some of the results returned by search engines can point to malicious webpages," explains Graham Cluley, senior technology consultant with the company.
These attacks are most likely triggered by the rise of these search keywords in Google trends. It is common practice for cyber-crooks to target hot search topics, regardless of how heartless or morally wrong it might be. Examples of recent BHSEO campaigns have targeted tragedies such as the Chile and Haiti earthquakes or the Air France Flight 447 crash.