Ukrainian Attackers Use SEO, Fed Forms To Push Scareware To U.S. Users

Hackers "hijack" keywords to U.S. federal forms, placing malware at top of search results

Dark Reading Staff, Dark Reading

August 7, 2009

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Ukrainian hackers are using a unique combination of search engine optimization and U.S. federal government forms to promote fake antivirus software to U.S. users, a researcher said yesterday.

In his blog, independent consultant Dancho Danchev says the Ukrainian campaign is actively hijacking a variety of U.S Federal Forms keywords in an attempt to serve the Personal Antivirus (Trojan.Win32.FakeXPA) scareware.

The attackers have figured out a method to bypass Google's Safebrowser blacklist and deploy sophisticated page rank-boosting tools to elevate their malicious pages to the top of the Google search results for a given federal forms keyword, Danchev says.

When users click on these search results, they get a "scareware" message that says their computers are infected, and that they should load the the fake antivirus software to fix the problem. If they do, then they become infected by a Trojan that is capable of stealing control of their machines.

Danchev says steps are being taken to "disrupt" the attacks.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:

2009

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights