Yesterday, the news wires were hot with the announcement of the engagement of Prince William to Kate Middleton. As ever with hot news stories, one thing is inevitable. It is just a matter of time before the story is picked up and used in blackhat search engine optimisation (SEO) attacks.
Searching for ‘kate middleton + william’ revealed a huge number of results, including several images on the first page of the results.
Unfortunately, some of these images are actually within malicious SEO pages, and clicking through to them results in an immediate redirect to a rogue web site, where the user is greeted with a warning message.
From here on, it is the usual fake anti-virus trickery, starting with the fake system scan.
The user is tricked into downloading and installing the fake anti-virus (which is using the filename inst.exe at the time of writing). Once installed, our old friend Security Tool runs a scan of the system.
Happily Sophos customers are pro-actively protected from this spate of attacks – the fake anti-virus malware is already detected (as Mal/FakeAV-EE).
For those looking to understand a little more about how SEO attacks are constructed, take a read through the paper we recently posted, or check out the following video that Chet created.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Source: Naked Security – Sophos
Related Posts
- The Royal Wedding and The Fake Antivirus
The Royal Wedding of Prince William and Catherine Middleton that will be held tomorrow, on April 29, will attract the attention of many people around the world, and has become a trending topic on vari... - Attackers using Prince William engagement for attacks
It didn't take long for attackers to take advantage of the big news that Prince William and Kate Middleton are getting married. As we have explained before, attackers have the ... - Blackhole exploits kit attack growing
Recently, we have seen an increase in Blackhole exploit kit attacks. Blackhole is yet another web exploit kit developed by Russian hackers. According to one forum, the author indicates that the kit wi... - Exploits, Malware, and Scareware Courtesy of AS6851, BKCNET, Sagade Ltd.
Never trust an AS whose abuse-mailbox is using a Gmail account (piotrek89@gmail.com), and in particular one that you've come across to during several malware campaigns over the past couple of month. I... - Scareware, Sinowal, Client-Side Exploits Serving Spam Campaign in the Wild
AS50215 Troyak-as customers are back, with an ugly mix of scareware, sinowal, and client-side exploits serving campaign using the "You don't have the latest version of Macromedia Flash Player" theme.... - GazTransitStroy/GazTranZitStroy: From Scareware to Zeus Crimeware and Client-Side Exploits
Remember 2009's GazTransitStroy/GazTranZitStroy LLC, AS29371?
The fake Russian gas company whose motto was "In gaz we trust"? It appears that in order to stay competitive within the cybercrime ecosys... - Malicious E-Cards on the prowl
Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works.&n... - Backdoor Trojan lives on RE/MAX’s website
RE/MAX is a well known international real estate company. Here is one of their Israeli's websites:remaxplus.co.ilAlthough everything looks fine on the surface, the site has been hacked and is hosting ... - Mass Injections Leading to g01pack Exploit Kit
Our ThreatSeekerR Network is constantly on the lookout to protect our customers from malicious attacks. Recently it has detected a new injection attack which leads to an obscure Web attack kit.&... - The Increasingly Shapeshifting Web
Short URL services are problematic, and they are becoming even more so in combination with IP location technologies.From twitter.com earlier today:If you look closely, you'll notice it's one spambot, ...
Posted on 17 November 2010. Tags: Attack, engagement, Exploits, Kate, Middleton, Prince, Scareware, William
