Rogue AV scam targets Google users


An ongoing attack on Google users is sending victims to rogue anti-virus software sites, researchers said this week.

The attack takes advantage of Google's page-ranking feature, according to researchers at eSoft's Threat Prevention Team. The scam works like this: An attacker hacks a site, but instead of embedding exploits on the hacked site, they put links to other websites to boost rankings for malicious sites, and Google users in particular seem to be the targets.

“The sites whose search engine ranking is being boosted are now serving up malware through a complex series of redirects,” Lee Graves, senior technical services engineer with eSoft, wrote on the company's Threat Prevention Team blog. “However, the redirects and the malware are only served up if the user gets to the site after clicking the link on Google. Going directly to the malicious site (by pasting into your browser directly) results in a harmless page.”

But clicking on the results in Google may bring the user to a website using a common rogue anti-virus template that alerts the user that their PC is infected and prompts unsuspecting users to download what is really a trojan.

“They're actually using a PageRank bomb, or blackhat SEO attack,” Graves told SCMagazineUS.com Tuesday.

There seem to be a few specific search terms being used, and other terms are regularly being added, he said.

“There are a bunch of dangerous search terms,” Graves said. “As news changes, the terms they use change.”

The scam is similar to other scareware attacks, he said.

“If you click on a dangerous result, you'll get redirected around to a couple of places, then come to a rogue AV site that says you're infected with all kinds of malware,” he said.

So far, Google is the only search site involved in the attack. A spokesman for the search giant could not be reached for comment Tuesday.
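
The behaviour Graves describes, where the redirect chain is served only to visitors arriving from a Google result and direct visits get a harmless page, can be looked for in web proxy logs. The following is an added example, not eSoft's detection logic or code from the original article; the log record layout, the hostnames and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlparse

REDIRECTS = {301, 302, 303, 307, 308}

# Constructed proxy log records (not real traffic): (url, referer, status, location)
SAMPLE_LOG = [
    ("http://boosted.example/news.html", "http://www.google.com/search?q=breaking+story", 302, "http://hop1.example/r?id=7"),
    ("http://boosted.example/news.html", "", 200, ""),
    ("http://boosted.example/news.html", "http://www.google.com/search?q=other+term", 302, "http://hop1.example/r?id=9"),
    ("http://shop.example/old", "http://www.google.com/search?q=shop", 301, "http://shop.example/new"),
    ("http://shop.example/old", "", 301, "http://shop.example/new"),
    ("http://blog.example/post", "http://www.google.com/search?q=post", 200, ""),
]

def is_search_referer(referer):
    """True if the Referer host looks like Google (assumption: a simple prefix match is enough here)."""
    host = (urlparse(referer).hostname or "").lower()
    return host.startswith(("www.google.", "google."))

def offsite_target(url, status, location):
    """Return the redirect target host if the response redirects to a different host, else None."""
    if status not in REDIRECTS or not location:
        return None
    target = urlparse(location).hostname  # None for relative (same-site) redirects
    return target if target and target != urlparse(url).hostname else None

def find_referrer_cloaking(records):
    """Flag URLs that redirect off-site for search-referred visits but never for direct visits."""
    seen = defaultdict(lambda: {"search": set(), "direct": set(), "direct_seen": False})
    for url, referer, status, location in records:
        target = offsite_target(url, status, location)
        if is_search_referer(referer):
            if target:
                seen[url]["search"].add(target)
        elif not referer:  # empty Referer: typed or pasted URL
            seen[url]["direct_seen"] = True
            if target:
                seen[url]["direct"].add(target)
    # Require both kinds of visit so an ordinary unconditional redirect is not flagged
    return {url: sorted(s["search"]) for url, s in seen.items()
            if s["search"] and s["direct_seen"] and not s["direct"]}

if __name__ == "__main__":
    for url, hops in find_referrer_cloaking(SAMPLE_LOG).items():
        print(f"{url} redirects search-referred visitors to {hops}")
```

A flagged URL is a lead for review rather than a verdict, since some legitimate sites also vary their responses by referrer.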
