Threat Management, Network Security

Hackers prey on Ford Motor Co. searches to boost rankings

Updated Tuesday, March 15, 2009 at 10:00 a.m. EST

Attackers are using the Ford Motor Co. name to poison search engine results with some 1.2 million malicious links that lead to rogue security software, according to PandaLabs.

Attackers use search-engine optimization (SEO) to get their malicious sites to the top of results on Google and other search engines. On Monday night, researchers at PandaLabs started tracking this threat, which is ongoing, Sean-Paul Correll, threat researcher and security evangelist for Panda Security, told Tuesday.

When searching for terms related to the automaker, including Ford car parts, model numbers, and reviews, the malicious sites appear at the top of Google search results, Correll said. If users visit one of the malicious sites, they are prompted to download and install a malicious codec, which then installs rogue security software called “MS AntiSpyware 2009,” Correll said.

PandaLabs has posted a partial list of poisoned search terms on its blog. Among the long list of poisoned terms are "1950s Ford Thunderbirds," "2009 Ford" and "Ford parts catalog."

A spokesperson at Ford Motor Co. did not respond to a request for comment Tuesday.

Correll said most users would run the download that shows up after they click on the link because they assume it is a video related to what they are searching for. But when doing so, a user's computer is silently being infected with rogue AV software, along with several other types of malware that facilitate click fraud via pop-ups, Correll said.

Once infected, a user is bombarded with pop-up advertisements, which are part of a pay-per-click affiliate-advertising scheme, Correll said. In addition, the user is prompted to purchase a “lifetime license” to the rogue AV for $79.95.

“They are trying to get credit card and personal information from the user,” Correll said. “The $80 payment is nice, but if they could extract more, they will.”

Correll said that with nearly 1.2 million malicious links, the crooks likely are using an automated system and could be leveraging a botnet to poison search results.

He added that Ford was likely targeted because there are a lot of probable search terms to take advantage of, since there are many different Ford model and parts.

“They are trying to maximize their profitability, and by targeting people who buy classic Fords, that's an affluent crowd that the cybercriminals are likely to extract money from,” Correll said.

Correll said that rogue AV has become an “epidemic.” Microsoft last week named these so-called scareware programs the top threat facing internet users.

Recently, attackers poisoned Google search results related to March Madness. By using the tactic to spread rogue anti-virus software, cybercriminal gangs are netting as much as $10,800 a day, according to a report released last month by security firm Finjan.

“You always have to educate users on these types of attacks,” Correll said. “Even though it seems it's the most common thing on the internet, people are still becoming infected, and the cybercriminals are still making millions of dollars.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.