The Register® — Biting the hand that feeds IT

Feeds

Swayze death exploited to serve up fake anti-virus

I've had the crime of my life

By John Leyden, 15th September 2009
  • print
  • alert

Cloud based data management

Miscreants have moved swiftly to establish malicious websites designed to rip off users searching for more information on the death of actor Patrick Swayze on Monday.

Black-hat search engine manipulation means that many sites that appear prominently in search engine results point to sites slinging fake anti-virus scanners. Surfers visiting these sites are warned of non-existent security problems in a bid to trick them into buying software of little or no utility. A video (below) from Sophos explains the particulars of the Swayze-themed attack.

Other trending topics including Serena Williams's US Open tennis semi-final outburst video (as explained here) and the anniversary of the 9/11 attacks have also been exploited as themes for scareware traps over recent days.

The mechanism of such attacks in general is growing in sophistication, as well as frequency. In many cases, sites already listed in Google's index for a search term of interest are hacked by the bad guys, with the intention of planting malicious scripts that redirect users onto the scareware payload sites.

Graham Cluley, senior technology consultant at Sophos, explained: "Sometimes the scareware guys create brand new webpages (new domains) and stuff them with keywords and the like to try and get them high on Google's search results."

"However, the sheer fact that they are newly registered domains makes them more suspicious than domains that have been around for some time, and so this can work against them."

"So, they're breaking into existing sites, creating webpages that are stuffed with relevant keywords in the hope that they will both get higher in search results *and* benefit from the fact that the domain has existed for some time," he added.

Malicious scripts on compromised sites are programmed to avoid forwarding unwitting surfers to the scareware download site unless Google is the referrer. The tactic is designed to help scams to say undetected for longer.

"The fact that the pages do nothing suspicious unless you visit them *via* Google (the referrer thing) is part of their cover," Cluley explained. "They're hoping that inquisitive sysadmins won't realise what's going on - if they do load up the page (without going through Google) they won't see anything suspicious." ®

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

COMMENTS

House Rules Send Corrections
All Reader Comments (7)
Latest Comments
Anonymous Coward
Anonymous Coward

Re: Here we go again

I have the same thought when the bright sparks on these comments pages trot out the same old advice time after time. They elevate themselves above the 'numpties' and 'muppets' who are too 'dumb' to read The Register (they're the ones who make these mistakes, after all,) yet waste time and network traffic addressing comments to them. What do you expect to achieve, genius? To re-use an old saying, you're preaching to the choir. Though it does guarantee your audience will agree with you, I suppose. Sort of a validation, in a really sad way.

0
0
John Ridley 1

Seriously...

Is this even news anymore? This has happened EVERY time anyone vaguely famous died for the last year or two.

0
0
Anonymous Coward

Here we go again...

Simple....

Note to muppets who were not paying attention last time this happened and had to pay PC World £300 to fix their machine....

1. Don't click links in emails! Yes, even the ones from your best mate!

2. Don't click on ads on webpages, especially popups. If you want a widget, get Google out and look for widget at reputable online store, Amazon that sort of place.

3. Install AV/Malware software. Christ you don't even have to buy it now, there are plenty of orgs doing it for nothing, ClamAV etc. No, don't click on that security warning ad and...oh for the love of...not again.....a reputable AV org not ones that promises to....never mid....OI....look, JUST STOP CLICKING!!!

To re-use an old saying:

Would you do that in the real world? No? Then don't do it here!

Finally my own favourite, stop using Windows, either install Ubuntu or save up and buy a Mac!

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
136
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
61
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17