Panda Security has a California-based office in Los Angeles.  We are located in close proximity to two ongoing wildfires in the Angeles Crest National Forest that have now burned through at least 30 acres, so naturally we have been keeping an eye on them.  To my surprise, when I pulled up a Google search for “Angeles Crest Fire”, the results placed a malicious link above most of the relevant sources.

Update: 9/01/08 – The Blackhat SEO attack has now grown significantly: http://bit.ly/7jqGc

Angeles Crest Fire - Malicious Search Result  

Once clicked, the site loads and checks to make sure the user came from Google.  If so, the following script begins the redirection to the Rogueware site:

Angeles Crest Fire - Malicious Script

The Rogueware site displays a fake Antivirus scan designed to scare victims into thinking that their computer is infected.  If the Malware is downloaded and installed as the site suggests, the user will see a fake Antivirus program pop up on their computer.  At that point it becomes very aggressive and difficult to remove.
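The chain described above (a visit arriving from Google, a redirect to a second domain, then an executable download) is something a proxy or web log can be checked for. The following is an added example, not code from the original post, that runs that detection over a few constructed log lines; the log format (client, time, method, URL, status, referer, content type) and the host names are assumptions for the demonstration.

```python
from urllib.parse import urlparse

# Constructed sample proxy log lines for the demonstration (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 12:00:01 GET http://news-example.invalid/angeles-crest-fire 200 http://www.google.com/search?q=angeles+crest+fire text/html
10.0.0.5 12:00:02 GET http://scanner-example.invalid/scan.php 302 http://news-example.invalid/angeles-crest-fire text/html
10.0.0.5 12:00:03 GET http://scanner-example.invalid/Antivirus-x_x.exe 200 http://scanner-example.invalid/scan.php application/octet-stream
10.0.0.9 12:05:00 GET http://legit-example.invalid/fire-map 200 http://www.google.com/search?q=angeles+crest+fire text/html
10.0.0.9 12:05:05 GET http://legit-example.invalid/map.png 200 http://legit-example.invalid/fire-map image/png
"""

SEARCH_ENGINES = ("google.com", "bing.com", "yahoo.com")
EXE_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW_SECONDS = 60  # how soon after the search-referred landing a download counts


def parse_line(line):
    """Split one assumed-format log line into a dict; time becomes seconds of day."""
    client, ts, _method, url, status, referer, ctype = line.split()
    h, m, s = (int(x) for x in ts.split(":"))
    return {"client": client, "t": h * 3600 + m * 60 + s, "url": url,
            "status": int(status), "referer": referer, "ctype": ctype}


def is_search_referer(referer):
    """True when the Referer host is a search engine (exact host or subdomain)."""
    host = urlparse(referer).netloc.lower().split(":")[0]
    return any(host == se or host.endswith("." + se) for se in SEARCH_ENGINES)


def is_executable(rec):
    return rec["ctype"] in EXE_TYPES or urlparse(rec["url"]).path.lower().endswith(".exe")


def find_rogue_chains(log_text):
    """Return (client, landing_url, download_url) for every search-referred visit that
    leads, within WINDOW_SECONDS, to an executable download from a different host."""
    hits = []
    landings = {}  # client -> (time, landing URL) of the latest search-referred request
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_search_referer(rec["referer"]):
            landings[rec["client"]] = (rec["t"], rec["url"])
            continue
        landing = landings.get(rec["client"])
        if (landing and is_executable(rec)
                and rec["t"] - landing[0] <= WINDOW_SECONDS
                and urlparse(rec["url"]).netloc != urlparse(landing[1]).netloc):
            hits.append((rec["client"], landing[1], rec["url"]))
    return hits
```

Only the first client is flagged: it lands from Google and pulls an .exe from a second domain two seconds later, while the second client's visit stays on one host and fetches an image.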

Adware/PersonalAntivirus

File: Antivirus-x_x.exe
Size: 172032 bytes
MD5: 0E9BC3499560EEA9261F5883FAE2A10E

Malware Info: Adware/PersonalAntivirus.

Rogueware attacks are among the most prevalent attacks on the Internet today.  You can see our latest report on them here: The Business of Rogueware (pdf)

5 Steps to Avoid Infection:

  1. Always have up-to-date anti-malware software installed.  If you don’t have one, or if your current solution is not removing the Malware, you can download a free trial from us here: http://pandasecurity.lin3sdev.com/usa/homeusers/downloads/evaluation/

  2. Don’t rely on search engines to provide valid or safe search results.  You can improve your chances of safe browsing by downloading our free Web of Trust browser plugin: http://pandasecurity.lin3sdev.com/homeusers/downloads/wot/

  3. Pay close attention to the links you are clicking on.  If you don’t recognize the source, research the domain in a separate search or avoid the link altogether.

  4. Rogueware attacks rely on Social Engineering (i.e. making you believe you are infected when you are not).  Don’t believe it!  Simply close the browser window if you see a scan appear all of a sudden.  If you cannot close the window with your mouse, you can try ALT+F4 to force close it.

  5. Don’t be afraid to ask for help.  Call your antivirus company or a tech-savvy friend if you feel that you are in over your head.