
'Super Bowl' Key Term In Poisoned Google Searches

By Stefanie Hoffman, CRN
February 08, 2010    3:49 PM ET

Cybercriminals are exploiting popular search terms such as "2010 Super Bowl" to place malicious sites at the top of Google search result pages and infect visitors' computers with malware.

Thus far, more than 15 percent of the top 20 Google search results related to the 2010 Super Bowl are actually malicious sites designed to download malware onto visitors' computers, according to researchers at SonicWall, who first detected the malicious sites.

Fake Anti-Virus Scam

The malware sites impersonate legitimate sites that appear to offer news or videos on the 2010 Super Bowl, and are ranked at the top of the search result pages in order to further convey authenticity. However, once opened, the malicious site attempts to persuade users to purchase fake antivirus software by impersonating a Windows security application. The application then offers to conduct a phony virus scan that produces fake positives.

Instead of downloading antivirus software, users are actually installing a Trojan designed to take control of their computer and incorporate their system into a larger botnet.

Poisoned Google Search Terms

"These sites are injected or poisoned with malware," said Nick Bilogorskiy, manager of antivirus research at SonicWall. "They pretend to scan your computer, and they always find some result. Then they charge you to use their antivirus software."

Bilogorskiy said that the sites appeared to come from the same criminal organization. And while the malware doesn't automatically exploit a vulnerability or instantly infect users, the same pop-up will repeatedly attempt to force the user to install the malicious software, he said.

"If you're smart, you'll close the browser," Bilogorskiy said. "If you end the program, you can get out of it and not get infected."

Meanwhile, a regular antivirus program will likely not be enough to protect users. Bilogorskiy said that the cybercriminals update malware frequently, while continually staying apprised of which AV vendors have produced signatures for the threats.

To protect themselves, users need to exercise caution, and avoid downloading unsolicited software, even if it appears legitimate. "Users need to be informed of this attack and exercise caution when browsing," he said. "In general, just use safe computing practices and just don't install programs that you're not sure of."
