• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Malware   »   Blackhat SEO and FAKEAV: A Dangerous Tandem

Blackhat SEO and FAKEAV: A Dangerous Tandem

  • Posted on:September 22, 2009 at 2:11 am
  • Posted in:Malware
  • Author:
    Jessa De La Torre (Senior Threat Researcher)
3

Trend Micro researchers were alerted of blackhat SEO campaigns that led to FAKEAV or rogue antivirus. The cybercriminals behind these attacks hitchhiked on high profile news like the recent death of Patrick Swayze, Kanye West’s infamous interruption on MTV VMA awards, and the death of Yale student Anne Le.

Upon further analysis, our researchers discovered that the poisoned keywords are not only limited to recent events. According to Advanced Threats Researcher Joey Costoya, there are many hijacked search items that point to FAKEAV.

Here are some of the search terms:

  • Act Registration
  • Alan Thicke
  • Archer FX
  • Archer Fx
  • Beaches Movie
  • Cbs Survivor
  • Community Imdb
  • Community Nbc
  • Community Show
  • Community Tv
  • Delta Smelt
  • Dina Meyer
  • Divas Live 2009
  • Ernie Anastos
  • Fx Network
  • Gillian Jacobs
  • Grandma S Boy
  • Huron Ca
  • Huron California
  • Janet Napolitano
  • Joel Mchale
  • Kanye West Interruption Video
  • Katherine Heigl Baby
  • Melinda Loveless
  • My Date With The President S Daughter
  • Polwizjer
  • Ralphie May
  • Russell Hantz Oil Company
  • San Joaquin Valley
  • Sniffish
  • Starship Troopers
  • The Gang Exploits The Mortgage Crisis
  • The Office Gossip
  • The Valley Hope Forgot
  • Volkswagen L1 Concept

These search strings might be based on Google Trends as it shows the top searches people made in Google. These hijacked search strings are then linked to sites that served FAKEAV.

In addition, the cybercriminals behind such attacks are doing GeoIP checks. If the user sports a US IP address, the FAKEAV sites emerge. Otherwise, accessing the URL will produce an HTTP 404 page. Thus our advice for users from the US which are obviously singled out as the target of these attacks: Be extra careful!!

SEO poisoning is becoming the main contraption of rogue antivirus applications. It often rides on current events as we had blogged before in the following posts:

  • FakeAV for 9/11
  • California Bush Fires Spark Blackhat SEO Campaigns
  • Cory Aquino’s Death Used to Spread Another FAKEAV
  • “Solar Eclipse 2009 in America” Leads to FAKEAV
  • Blackhat SEO Quick to Abuse Farrah Fawcett Death

Users are advised to be cautious in their Web searches and to visit credible websites only. Trend Micro already blocks and detects all malicious URLs through its Trend Micro Smart Protection Network.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Featured Stories

  • systemd Vulnerability Leads to Denial of Service on Linux
  • qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
  • Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability
  • A Closer Look at North Korea’s Internet
  • From Cybercrime to Cyberpropaganda

Security Predictions for 2019

  • Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape. We have categorized them according to the main areas that are likely to be affected, given the sprawling nature of the technological and sociopolitical changes under consideration.
    Read our security predictions for 2019.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Waterbear is Back, Uses API Hooking to Evade Security Product Detection
  • December Patch Tuesday: Vulnerabilities in Windows components, RDP, and PowerPoint Get Fixes
  • Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
  • Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack
  • Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

Popular Posts

  • Mac Backdoor Linked to Lazarus Targets Korean Users
  • Microsoft November 2019 Patch Tuesday Reveals 74 Patches Before Major Windows Update
  • New Magecart Attack Delivered Through Compromised Advertising Supply Chain
  • September Patch Tuesday Bears More Remote Desktop Vulnerability Fixes and Two Zero-Days
  • 49 Disguised Adware Apps With Optimized Evasion Features Found on Google Play

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.