Update: Learn about the latest BHSEO attack here.
Blackhat SEO (BHSEO) is currently one of the most prevalent distribution methods for Malware on the Internet. It’s also one of the most dangerous methods because of the user-implied trust in search results. A Forrester research study conducted in 2008 showed that 50 percent of Internet users trust content delivered by search engines. It’s no surprise that cyber criminals have been using malicious search results as a main monetization stream.
The Rogueware campaign we blogged about last week turned into a full blown BHSEO attack targeting relevant news topics such as, the California wildfires, Ted Kennedy’s death, DJ AM’s death, Mega Millions Lottery, Hurricane Danny, UFC 102, CNN and BBC breaking news among thousands of search terms and 123,000 links. Upon clicking one of many malicious links in the top ranking search results, the victim is put through several redirections and finally taken to a fake scan website designed to infect and extort money.
Fake scan site:
Installer:
File: setup.exe
Size: 72192
MD5: 2C0625D97A5BC7EC299D33CE8C9A299E
Adware/SmartVirusEliminator
Tag cloud of exploited keywords:
Most exploited keywords:
- BBC News 2009
- CNN News 2009
- Ted Kennedy
- Official Website
- USA News
- Hottest Info/News
- CA/California Fire
- Lottery
- Hurricane
- Halloween
The full list can be downloaded here: BlackhatSEO.txt
You can read more about Rogueware in our most recent report: The Business of Rogueware [pdf]
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
