Researchers at Symantec have discovered links to Rogue anti-Virus software via poisoned search results for news related to the earthquake and subsequent tsunami off the coast of Western Samoa. Meanwhile, Websense takes a look at Black SEO aimed at Microsoft.
Tsunami and Security Essentials related searches spread Rogue AV.
Despite the loss of lives in the South Pacific, criminals wasted no time in poisoning search results in an attempt to make a fast buck and spread doom and gloom among those looking for up-to-date news and information related to the tragedy. Shortly after word of the quake and tsunami hit the mainland, Symantec researchers noticed that the keywords “Tsunami”, “Western Samoa”, and “Earthquake” were returning pages linked to fake anti-Virus software.
In examples, Symantec noticed the Rogue anti-Virus application Windows PC Defender among the variants of the Malware being served. Windows PC Defender, like other Rogue anti-Virus applications, will bog your system down with fake alerts and warnings, offering to clean the supposed infections if you pay the registration fee.
The criminals behind the BlackHat SEO, where search results are poisoned to place their malicious pages at the top of the results listings, make money per installation, and will use whatever methods they can to install the Rogue software on as many systems as they can. In the past, Rogue anti-Virus installations have been linked to the installation of further malicious software on a system, including Trojans and keyloggers.
In addition to poisoning the results related to the tsunami in Samoa, criminals have targeted searches related to Microsoft’s official release of Security Essentials. Security Essentials, Microsoft’s lightweight anti-Malware offering, was released on Tuesday after a few months in beta testing.
Researchers at another security firm, Websense, discovered links to Rogue anti-Virus, in this case the Rogue known as Total Security, while searching for downloads of Security Essentials. Some of the sites discovered were maliciously created for the search scam, while others were hijacked legitimate domains.
“One of the rogue links is directly under a MSDN blog entry discussing Microsoft Security Essentials. The rogue redirects are hosted on a variety of legitimate Web sites, which have been compromised including that of the British Travel Health Association. When a user is referred to the site by a search engine, they are instead redirected to malicious Web sites,” said Carl Leonard, Threat Research Manager for Websense.
While links related to current events are poisoned all too frequently these days, the best protection is layered protection, including commercial or free anti-Virus protection from a known vendor, and added protection from programs such as Malwarebytes AntiMalware, Spybot Search & Destroy, or SUPERAntiSpyware.
The correct link to download Microsoft Security Essentials is online here. You'll need to validate your installation of Windows before you can complete the official installation.