Press Panda Security
0

More than a million false domains download malware using the name of a well-known car manufacturer as bait

- Attackers have used SEO techniques to manipulate search results for Ford, improving the indexing of malicious pages to distribute the MSAntiSpyware2009 and Anti-Virus-1 fake antiviruses

- PandaLabs has detected more than one million search engine results pointing to these websites

- You can watch a video describing the infection process here: http://vimeo.com/4143942

 

PandaLabs, Panda Security’s malware detection and analysis laboratory, has detected a black hat SEO attack (Search Engine Optimization) using the name of the Ford car manufacturer as bait to distribute malware on the Internet. Specifically, PandaLabs has discovered 1.2 malicious results in searches related to the Ford Motor Co. which point to these malicious pages. The malware is distributed as follows: When users searching for information about Ford click one of the malicious results, they are taken to a Web page in which it seems as if they are about to see a video. If they try to watch the video, they will be prompted to download another program. This program, however, is really a fake antivirus.

PandaLabs has detected two fake antivirus programs that are distributed in this way: MSAntiSpyware2009 and Anti-Virus-1. These fake antiviruses are designed to make users believe that their computers have been infected by malware. They do this by simulating a scan of the system and supposedly detecting malware. Users are then offered the chance –through pop-ups and banners- to buy the pay version of the fake antivirus to clean their computers. If they don’t buy it, the malicious code will prevent the computer from operating properly in an attempt to coax users into buying the product. This type of malware has increased significantly over the last year.

According to data from PandaLabs, the number of variants of fake antiviruses has increased one hundredfold between the first quarter of 2008 and the corresponding period in 2009. In fact, in the first three months of 2009 no less than 111,086 new strains of fake antiviruses were detected, 20% more than in the whole of 2008. “These malicious codes are designed to generate profits for their creators buy tricking users into buying the pay-version of the product”, explains Luis Corrons, Technical Director of PandaLabs. One of the most notable features of this infection, according to the Panda Security laboratory, is that it is one of the few black hat SEO attacks to focus on a single brand. You can watch a video describing the infection process here: http://vimeo.com/4143942

For more information about this infection, go to the PandaLabs blog. http://pandalabs.pandasecurity.com/archive/Targeted-Blackhat-SEO-Attack-against-Ford-Motor-Co_2E00_.aspx

You might also like

Cyber-crooks manipulate Internet searches to sell fake antivirus products
- PandaLabs has detected Web pages using SEO techniques or maliciously exploiting Google Trends...
The 2010 South Africa Soccer World Cup used as bait to spread the MySecurityEngine rogueware
PandaLabs, the anti-malware laboratory at Panda Security –The Cloud Security Company–, has reported...
Cyber-criminals create specialized search engines leading users to malicious websites
- This new trend reflects the professionalization of cyber-crime - The majority of the results...
Over 200 websites use Justin Bieber as bait to distribute malware
Blackhat SEO techniques are being used by cyber-criminals to position malicious links among the top...

Comments

Be the first to leave a comment

Leave a Reply

(required)
(will not be published) (required)