Instantly this news became very fruitful for all kinds of cybercriminals. Here is some of the proof we found:
SEO optimized Google image searches leading to a malicious site with the exploit for the “Help Center URL Validation Vulnerability”. The exploit drops into the system a malicious executable file which is a password stealer malware.
At the moment we found it, Kaspersky Anti-Virus detected the sample as Heur.Trojan.Win32 . Meanwhile the Jotti multiscanner results were 1/20
The exploit also works with Opera and Firefox browsers by dropping into the system a malicious PDF file:
SEO optimized for all non-Russian Google searchers leading to Rogue AVs, in particular to “XP Anti-Virus 2011” which actually is quite aggressive in blocking Internet access and extorting money for the activation
(Note: the third option anyway doesn’t allow browsing)
The infection scheme is quiet simple: a victim looks for pictures with the topic “Royal Wedding” and when the click comes with a Google reference a special malicious script redirects the victim to a malicious .cc domain with a classic Fake AV window.
Scams related to a fake Satellite TV where a victim should pay for the fake service. And of course, the credit card is being stolen once the payment is accepted.
- Spam on Twitter just abusing TT and leading to misc. junk content sites
We highly recommend using the latest patched Browser with a plugin like NoScript, don’t click on any unknown link, and keep your AV updated and real-time protection working.