Rogue AV scam targets Google users

Share this article:

An ongoing attack on Google users is sending victims to rogue anti-virus software sites, researchers said this week.

The attack takes advantage of Google's page-ranking feature, according to researchers at eSoft's Threat Prevention Team. The scam works like this: An attacker hacks a site, but instead of embedding exploits on the hacked site, they put links to other websites to boost rankings for malicious sites, and Google users in particular seem to be the targets.

“The sites whose search engine ranking is being boosted are now serving up malware through a complex series of redirects,” Lee Graves, senior technical services engineer with eSoft, wrote on the company's Threat Prevention Team blog.  “However, the redirects and the malware are only served up if the user gets to the site after clicking the link on Google. Going directly to the malicious site (by pasting into your browser directly) results in a harmless page.”

But clicking on the results in Google may bring the user to a website using a common rogue anti-virus template that alerts the user that their PC is infected and prompts unsuspecting users to download what is really a trojan.

“They're actually using a PageRank bomb, or blackhat SEO attack,” Graves told Tuesday.

There seems to be a few specific search terms being used, and others terms are regularly being added, he said.

“There are bunch of dangerous search terms,” Graves said. “As news changes, the terms they use change.

The scam is similar to other scareware attacks, he said.

“If you click on a dangerous result, you'll get redirected around to a couple of places, then come to a rogue AV site that says you're infected with all kinds of malware,” he said.

So far, Google is the only search site involved in the attack. A spokesman for the search giant could not be reached for comment Tuesday.

Share this article:

Sign up to our newsletters

More in News

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.

IG scolds NOAA on security deficiencies, recommends fixes

IG scolds NOAA on security deficiencies, recommends fixes

An audit of NOAA by the inspector general found security shortcomings, including the link between information systems and satellite systems.

HP tests 10 popular IoT devices, most raise privacy concerns

HP tests 10 popular IoT devices, most raise ...

In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.