Royal Wedding Scareware Spreading Via SEO Poisoning
The latest scam exploits the Royal Wedding of Prince William and Kate Middleton, slated for April 29. Users are first subjected to the fake antivirus sites when they enter seemingly innocuous search terms, such as "Middleton" or "wedding dress," and bogus links appearing to contain information on the Royal Wedding appear at the top of the search pages through SEO poisoning techniques.
Malware authors typically capitalize on global events or holidays to bring users to their malicious sites, and this one is no exception, experts say.
"The Royal Wedding is going to spring into action on the 29th April, and Fake AV scans are starting to show up in relation to the 'Big Day,' said Christopher Boyd, senior threat researcher at GFI, in a blog post. "As a result, you might want to think twice before looking for jelly beans bearing the visage of Kate Middleton or strange turnips that look a bit like the future King of England when held at the right angle."
However, instead of being treated to images or information on Kate or William, users are redirected to fake antivirus sites where they are subjected to a phony antivirus scan of their computer and then pressured to submit credit card information for a bogus product claiming to rid their machine of infection.
"There are also search results leading to Fake AV when hunting for wedding dresses, and you bet that pretty much every search term under the Sun between now and the wedding day will be a target for SEO poisoning," Boyd said.
Scareware, or Fake AV, offers to do a phony computer "scan" on victim's machines, allegedly offering to detect any viruses on the victim's computer. When the fake scan claims to finds malware, hackers then offer to sell the victim a bogus antivirus product, which they claim will rid the machine of infection. In reality the product is bogus, and sometime malicious, sometimes causing more damage to victim's computer once it's downloaded.