Wednesday 17 November 2010

WARNING! Scareware SEO attack exploits engagement of Prince William and Kate Middleton | Naked Security

Yesterday, the news wires were hot with the announcement of the engagement of Prince William to Kate Middleton. As ever with hot news stories, one thing is inevitable. It is just a matter of time before the story is picked up and used in blackhat search engine optimisation (SEO) attacks.

Searching for 'kate middleton + william' revealed a huge number of results, including several images on the first page of the results.

Royal family engagement images

Unfortunately, some of these images are actually within malicious SEO pages, and clicking through to them results in an immediate redirect to a rogue web site, where the user is greeted with a warning message.

Warning message

From here on, it is the usual fake anti-virus trickery, starting with the fake system scan.

Fake anti-virus scan

The user is tricked into downloading and installing the fake anti-virus (which is using the filename inst.exe at the time of writing). Once installed, our old friend Security Tool runs a scan of the system.

Fake anti-virus

Happily Sophos customers are pro-actively protected from this spate of attacks - the fake anti-virus malware is already detected (as Mal/FakeAV-EE).

For those looking to understand a little more about how SEO attacks are constructed, take a read through the paper we recently posted, or check out the following video that Chet created.

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

WARNING!

Flickr - projectbrainsaver

www.flickr.com
projectbrainsaver's A Point of View photoset projectbrainsaver's A Point of View photoset