Remember when I said that Google Instant was a potential security disaster? Well, it turns out that Google’s new Instant Preview feature can help lure innocent victims over to malware campaigns. Blackhat SEO campaigns work by tricking search engines into displaying malicious search results. Criminals achieve this a few ways, but the most common way is to generate thousands of related text, images, and videos. I recommend reading Steve Ragan’s in depth deconstruction of Blackhat SEO for more information about how these attacks work.
Yesterday, we talked about a Blackhat SEO scam targeting various Black Friday keywords. If you take a look at the Google Instant Preview pane on the right, you’ll see that actual Best Buy ads are shown! This could very well convince someone to click on the malicious link!
Clicking on the link will cause your computer to redirect to the following fake Firefox update website or a fake antivirus scan page (depending on which browser you are using):
Installing the “update” will infect your computer with the Adware/SecurityTool Rogueware:
I’ve said it before and will say it again. You simply cannot trust search engines to provide safe and accurate search results. Use extreme caution when searching for hot topics, as they are actively targeted by cyber criminals each and every day.
1 comment
Also named “System Tool” My Panda protection did not stopped that Malware. I have seeked the register for System Tool and found in Documents and Settings All UsersApplicationData that file : oJlOe01814.exe with 3 other mentions. Then I ereased them and everthing went fine.
Thanks for your help.
Georges Drouin.