March Madness-related SEO Poisoning Leads To Rogue AV With only a few days left before the tournament starts, if a user searches for popular March Madness-related terms in Google, malicious URLs as high as the first result are returned. Search terms that currently exist within the Top 10 of Google's Hot Trends (the most popular search results) return these malicious URLs.
If a user clicks through these links (such as hxxp://[removed].de/news/nit_bracket_2009.html) they are redirected, via Javascript code, to a Web site advising the user that their machine is infected. The rogue AV Web site encourages the user to install a file called install.exe.
The technique of search engine optimization (SEO) poisoning pushes the infected URLs to the top of the search results, to increase the likelihood of a user clicking through to the malicious link.
Ask.com is also confirmed to be affected in this way. Other search engines may be affected in a similar manner.
Complete Article and Screenshot:
http://securitylabs.websense.com/content/Alerts/3322.aspx---------------------------------------
NCAA March Madness Malicious Blog LinksWebsense® Security Labs(TM) ThreatSeeker(TM) Network has discovered a massive malicious comment spam campaign brewing in the blogosphere, made to coincide with the NCAA's "March Madness" basketball tournament.
Clicking on the URLs in the blog comments associated with this spam campaign takes users to a malicious Web site masquerading as a fake anti-virus scanner, or a Web site that serves up a fake video codec download.
Websense, Inc., recommends that NCAA basketball fans be cautious when clicking on March Madness related hyperlinks.
More Here:
http://securitylabs.websense.com/content/Alerts/3323.aspx
Author