Ukrainian Attackers Use SEO, Fed Forms To Push Scareware To U.S. Users
Hackers "hijack" keywords to U.S. federal forms, placing malware at top of search results
Ukrainian hackers are using a unique combination of search engine optimization and U.S. federal government forms to promote fake antivirus software to U.S. users, a researcher said yesterday.
In his blog, independent consultant Dancho Danchev says the Ukrainian campaign is actively hijacking a variety of U.S. Federal Forms keywords in an attempt to serve the Personal Antivirus (Trojan.Win32.FakeXPA) scareware.
The attackers have figured out a method to bypass Google's Safebrowser blacklist and deploy sophisticated page rank-boosting tools to elevate their malicious pages to the top of the Google search results for a given federal forms keyword, Danchev says.
When users click on these search results, they get a "scareware" message that says their computers are infected and that they should load the fake antivirus software to fix the problem. If they do, they become infected by a Trojan that is capable of taking control of their machines.
Danchev says steps are being taken to "disrupt" the attacks.