Rogue AV scam targets Google users

Share this article:

An ongoing attack on Google users is sending victims to rogue anti-virus software sites, researchers said this week.

The attack takes advantage of Google's page-ranking feature, according to researchers at eSoft's Threat Prevention Team. The scam works like this: An attacker hacks a site, but instead of embedding exploits on the hacked site, they put links to other websites to boost rankings for malicious sites, and Google users in particular seem to be the targets.

“The sites whose search engine ranking is being boosted are now serving up malware through a complex series of redirects,” Lee Graves, senior technical services engineer with eSoft, wrote on the company's Threat Prevention Team blog.  “However, the redirects and the malware are only served up if the user gets to the site after clicking the link on Google. Going directly to the malicious site (by pasting into your browser directly) results in a harmless page.”

But clicking on the results in Google may bring the user to a website using a common rogue anti-virus template that alerts the user that their PC is infected and prompts unsuspecting users to download what is really a trojan.

“They're actually using a PageRank bomb, or blackhat SEO attack,” Graves told Tuesday.

There seems to be a few specific search terms being used, and others terms are regularly being added, he said.

“There are bunch of dangerous search terms,” Graves said. “As news changes, the terms they use change.

The scam is similar to other scareware attacks, he said.

“If you click on a dangerous result, you'll get redirected around to a couple of places, then come to a rogue AV site that says you're infected with all kinds of malware,” he said.

So far, Google is the only search site involved in the attack. A spokesman for the search giant could not be reached for comment Tuesday.

Share this article:

Sign up to our newsletters

More in News

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry ...

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Siemens industrial products impacted by four OpenSSL vulnerabilities

The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.