No surprise at all that Google searches
for information about the
Twitter worm
would lead to malware sites, it was really
just a matter of time. Especially not
after all the talk about it over the
weekend and the guy behind it even
confessing everything. Malicious search results about popular
news is something we see very often
unfortunately.
By searching
for "Twitter worm" on Google one of
the top 10 hits look like this:
Which leads to this site:
But you'll never see that as
you immediately will get redirected to
videosexos.cn which immediately
redirects you to
loyal-porno.com which tricks you
into downloading a fake video codec from
codecvistaz.com. No exploits are
used, it's just social engineering. At
least for now.
And the fake codec is of
course malware. In fact, it's a trojan
downloader that downloads some additional
malware, including a
rogue security product
called WinPC Defender which shows
fake malware detections.
Like all rogue security
products it will tell you that you have
malware on your PC and that you have to
buy the product to remove them. This is
more expensive then usual though as they
want you to pay $69.99 (the usual
rate seem to be $39.95).
So, unfortunately we're not
surprised that this happned. As usual, get
your news and information from sources you
trust. Random Google searches can't be
trusted.
