Yesterday, the news wires were hot with the announcement of the engagement of Prince William to Kate Middleton. As ever with hot news stories, one thing is inevitable. It is just a matter of time before the story is picked up and used in blackhat search engine optimisation (SEO) attacks.
Searching for 'kate middleton + william' revealed a huge number of results, including several images on the first page of the results.
Unfortunately, some of these images are actually within malicious SEO pages, and clicking through to them results in an immediate redirect to a rogue web site, where the user is greeted with a warning message.
From here on, it is the usual fake anti-virus trickery, starting with the fake system scan.
The user is tricked into downloading and installing the fake anti-virus (which is using the filename
inst.exeat the time of writing). Once installed, our old friend Security Tool runs a scan of the system.
Happily Sophos customers are pro-actively protected from this spate of attacks - the fake anti-virus malware is already detected (as Mal/FakeAV-EE).
For those looking to understand a little more about how SEO attacks are constructed, take a read through the paper we recently posted, or check out the following video that Chet created.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
WARNING!
