Another day, another disaster, this time a big earthquake on Haiti, and once again, the bad guys are exploiting this subject to poison search results so that those looking for some news get lead to a page offering a rogue AV solution. We’re detecting this rogue software, and all its variants, as UDS:DangerousObject.Multi.Generic.
Our colleagues at Sunbelt Software have identified more than 50 search items used on search engines to lead the user to a malicious page. This isn’t exclusive to Google – Yahoo! results also are affected by the same trick:
Another interesting fact is you only get redirected to the malicious page offering the rogue AV if the referral link originated in a search engine page. If you try to directly access the URL, you’ll see a clean page:
Search poisoning, again