Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Ukrainian Attackers Use SEO, Fed Forms To Push Scareware To U.S. Users
Hackers "hijack" keywords to U.S. federal forms, placing malware at top of search results
1 Min Read
Ukrainian hackers are using a unique combination of search engine optimization and U.S. federal government forms to promote fake antivirus software to U.S. users, a researcher said yesterday.
In his blog, independent consultant Dancho Danchev says the Ukrainian campaign is actively hijacking a variety of U.S Federal Forms keywords in an attempt to serve the Personal Antivirus (Trojan.Win32.FakeXPA) scareware.
The attackers have figured out a method to bypass Google's Safebrowser blacklist and deploy sophisticated page rank-boosting tools to elevate their malicious pages to the top of the Google search results for a given federal forms keyword, Danchev says.
When users click on these search results, they get a "scareware" message that says their computers are infected, and that they should load the the fake antivirus software to fix the problem. If they do, then they become infected by a Trojan that is capable of stealing control of their machines.
Danchev says steps are being taken to "disrupt" the attacks.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:
2009About the Author
You May Also Like
More Insights
