Internet criminals use SEO to dupe unsuspecting visitors into infecting themselves with malware and fake anti-virus products
Security Park (31/10/2008)

Internet criminals are now using tools such as Google Trends to identify the most popular and current Internet search terms. The same criminals then use new blogs on free hosting sites, such as Windows Live Spaces and AOL Journals, featuring the same search terms. When an Internet user then searches on those popular terms, they get multiple links to these hosted blog sites in their search results.

If the user then clicks on the link, thinking it is relevant to their desired search, they are taken to a blog site with an apparent embedded video player. If the user clicks on the video player, they are prompted to load a ‘codec’, which surreptitiously loads malware, including fake anti-virus software that promises to clean non-existent viruses from the computer in return for their credit card details.
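For defenders, the chain described above (search result, hosted blog page, executable ‘codec’ download) leaves a recognisable sequence in web-proxy logs. The following Python is an added example, not part of the original article; the log format, host lists, five-minute window and sample lines are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumed, configurable lists; tune them to your own proxy telemetry.
SEARCH_HOSTS = ("google.", "search.yahoo.", "search.live.")
BLOG_HOSTS = ("spaces.live.com", "journals.aol.com")
EXEC_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(minutes=5)

# Constructed sample proxy log: time, client, URL, Referer, Content-Type.
SAMPLE_LOG = """\
2008-10-30T09:00:01 10.0.0.5 http://www.google.com/search?q=verdict - text/html
2008-10-30T09:00:09 10.0.0.5 http://newsclip.spaces.live.com/blog/ http://www.google.com/search?q=verdict text/html
2008-10-30T09:00:31 10.0.0.5 http://media.example.net/codec_setup.exe http://newsclip.spaces.live.com/blog/ application/octet-stream
2008-10-30T09:02:00 10.0.0.7 http://friend.spaces.live.com/blog/ - text/html
2008-10-30T09:02:40 10.0.0.7 http://vendor.example.com/update.exe http://vendor.example.com/downloads application/octet-stream
"""

def host(url):
    return (urlparse(url).hostname or "").lower()

def is_search(url):
    h = host(url)
    return any(h.startswith(s) or ("." + s) in h for s in SEARCH_HOSTS)

def is_blog(url):
    h = host(url)
    return any(h == b or h.endswith("." + b) for b in BLOG_HOSTS)

def find_chains(log_text):
    """Return (client, blog URL, download URL) for each search -> blog -> executable chain."""
    landings, alerts = {}, []  # landings: client -> (time, blog URL reached from a search)
    for line in log_text.splitlines():
        ts, client, url, referer, ctype = line.split()
        when = datetime.fromisoformat(ts)
        if is_blog(url) and is_search(referer):
            landings[client] = (when, url)
        elif ctype in EXEC_TYPES or urlparse(url).path.lower().endswith(".exe"):
            seen = landings.get(client)
            # Alert only when the download was referred by a hosted blog shortly after the landing.
            if seen and is_blog(referer) and when - seen[0] <= WINDOW:
                alerts.append((client, seen[1], url))
    return alerts
```

On the constructed sample, only client 10.0.0.5 is flagged; the direct blog visit and the vendor download from 10.0.0.7 are not.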

“A recent example of an exploited search term was ‘OJ Simpson Verdict’. The criminals identify this as a ‘hot’ search term and then ensure their Windows Live Spaces blog contains ‘OJ Simpson Verdict’. This promotes the blog up the order in Google search results and increases the chances that users will hit those web pages,” said Phil Hay, Lead Threat Analyst for Marshal’s TRACE Team.

“Using search engine optimisation to promote web pages hosting malware shows increasing levels of sophistication and professionalism on the part of the criminals. The use of fake video players to disguise the installation of fake anti-virus programs is not new. This kind of activity has been going on for many months now, but previously the links have been promoted via spam. This new approach shows a diversification of tactics,” said Hay.

The malicious executables downloaded by clicking on the fake video player are not reliably detected as malware by established antivirus programs, further adding to the seriousness of the criminals’ activity.

“Fake anti-virus programs are especially prevalent right now. Once installed, the program pops up and tells you it has found viruses on your computer and offers to clean these if you are willing to pay via credit card. The viruses the program reports are fake, the program itself is fake and the so-called legitimate company you deal with is fake. The whole thing is a con designed to part you from your money. It is fairly sophisticated and convincing,” explained Hay.

“Now the criminals are trying new methods of promoting their malicious web pages that aren’t dependent on spam. Our advice is to not blindly trust results from Google searches, and be wary of these kinds of links to hosted blog sites. Also, if you are unfortunate enough to be infected by one of these fake anti-virus products, do not provide any credit card information or payment of any kind. Use a legitimate and reputable anti-virus solution from a name brand vendor,” said Hay.
