BlackHat SEO targets Apple’s iPad
by Steve Ragan - Feb 1 2010, 17:00
Using the buzz leading up to and after its official announcement, criminals are hijacking search results regarding Apple’s iPad and related keywords to spread a Rogue anti-Virus application “Live PC Care”.
As far back as December, when rumor fueled partly by PR teams and gossip hounds generated buzz around a new Tablet computer from Apple, there were sporadic and minor SEO attacks on the related keywords.
Just after the holidays, the buzz continued and more and more people started talking about what we now know as iPad. Before we had the name iPad, there was talk about iSlate and iTablet, as fans and media alike attempted to guess the name of the new device, if it actually existed.
Criminals focused on this rapidly growing trend and moved to spike the search results related to the speculated names. The result was a stream of “news” sites, “Tag Archives”, and blogs reporting that they had the latest scoop. What they have, in all reality, are PHP scripts that craft page titles based on your search string.
The image below shows the results of “Apple Tablet Announcement 2010”, which was the keyword pattern used by the criminals the day Apple made the iPad official. Of the three sites not blurred, the second one leads to Rogue anti-Virus (Live PC Care), and fortunately is being blocked by many legit anti-Virus vendors and Google.

The Rogue anti-Virus delivered by the sites focused on the iPad is like the others: it will annoy you with security warnings on your desktop, redirect your browser, and report hundreds of infections on an otherwise clean system during its initial scan. Based on some research, each of the sites serving Live PC Care is a member of an affiliate program, which means they are likely being paid per installation.
As mentioned, Google is blocking most of the sites, but not all of them. There are several security vendors flagging Live PC Care as well. To date, The Tech Herald can confirm that Symantec, McAfee, Panda, and Kaspersky are blocking attempted installations of this Rogue. Other vendors are likely to detect it as well, so it is important to have solid security coverage on the system.
It makes no sense to warn anyone off searching for the latest news and information by using Google; odds are that you will find legit sites more often than malicious ones.
The time to use extra caution is usually on the day news breaks and a few days after. When it comes to major events like the launch of the iPad, the days leading up to the launch will see BlackHat SEO activity as well.
In this case, the sites serving the Rogue anti-Virus were relatively easy to spot; they each had a domain name that matched the search terms exactly. As always, when looking for more information on a subject, stick to legit news sites and known information sources. Take care to avoid seemingly randomly generated domain names, and the ones that seem too good to be true.
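The domain-name tell described above, as an added example that is not part of the original article: a Python heuristic that scores how much of a search string reappears in a result's domain name. The sample URLs (on reserved test domains), the `KNOWN_SOURCES` allowlist and the 0.75 threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: sources the reader already trusts; these are never flagged.
KNOWN_SOURCES = {"apple.com"}

# Constructed sample results; not real sites from the campaign.
SAMPLE_RESULTS = [
    "http://appletabletannouncement2010.example/tag/ipad",
    "http://apple-tablet-announcement-2010.test/",
    "https://www.apple.com/ipad/",
    "http://news.example.com/apple-tablet",
]

def query_tokens(query):
    """Lowercase alphanumeric words of the search string."""
    return re.findall(r"[a-z0-9]+", query.lower())

def registrable_label(url):
    """Return (label, domain) for the name left of the final suffix.
    Simplification: the last label is treated as the suffix, so
    multi-part suffixes such as co.uk are not handled."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    parts = host.split(".")
    if len(parts) < 2:
        return host, host
    return parts[-2], ".".join(parts[-2:])

def keyword_coverage(query, url):
    """Fraction of query words found in the domain label (1.0 = all)."""
    tokens = query_tokens(query)
    label, domain = registrable_label(url)
    if not tokens or domain in KNOWN_SOURCES:
        return 0.0
    # Whole query run together, with or without hyphens, is an exact match.
    if label.replace("-", "") == "".join(tokens):
        return 1.0
    label_words = set(label.split("-"))
    return sum(1 for t in tokens if t in label_words) / len(tokens)

def flag_results(query, urls, threshold=0.75):
    """URLs whose domain name mirrors the search string."""
    return [u for u in urls if keyword_coverage(query, u) >= threshold]

if __name__ == "__main__":
    for url in flag_results("Apple Tablet Announcement 2010", SAMPLE_RESULTS):
        print("suspicious:", url)
```

A one-word query such as a brand name will match that brand's own domain, so the score is only meaningful for multi-word search strings.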
