NEWS FROM THE LAB - Thursday, February 25, 2010

60+ Compromised Sites with SEO Poisoning

Posted by Response @ 07:23 GMT

More than 60 websites have been found to be hotbeds for SEO poisoning. Each of these domains hosts hundreds of possible matches for search keys.

Also, the topics on one domain overlap with those on the others, making it possible for several of them to emerge in the same search results. Topics range from the Winter Olympics luge crash to the death of Alexander McQueen and even to the NASCAR schedule.

When an unsuspecting user happens to input a search key that matches one of those being served by the compromised sites, the search results will be full of malicious links. Moreover, unlike before, when there were only a few rogue links in the results, there are more than 60 this time, and a lot of them are in the top 10. This strategy increases their chances of being clicked by the user.

[Image: search results]

After the user clicks on the link, a page opens and pretends to scan the user's system. It then displays a supposed system infection and offers a "solution"…


If you execute it, you welcome a rogue downloader onto the system…


And afterwards, the rogue itself…

[Image: security antivirus]

Rogue distribution seems to be playing the numbers game. The more websites they can compromise, and the more search keys they employ, the better their chances of getting their webpages matched, en route to getting the scamware onto the user's system. It's pretty devious, and it seems to be working.

F-Secure Browsing Protection already protects users from visiting these compromised domains and the subsequent malicious sites they redirect to.

Response post by — Christine and Mina