Ford Motors under Blackhat SEO Attack
PandaLabs, an international network of research and technical support centers devoted to protecting users against viruses and the center of Panda Security's technical support services, has brought to light the fact that Ford Motors is targeted by a blackhat SEO attack. More than a million malicious links that distribute rogue software (also known as scareware) have been identified so far by PandaLabs.
“Today, we have uncovered a [blackhat SEO] campaign with over 1 Million links all targeting the Ford Motor Company. These attacks work by misleading search engines to falsely promote malicious pages to the top of the search results. Once the user visits one of the malicious sites, they are prompted to download and install a malicious "codec", which then installs the MS AntiSpyware 2009 (softwarefortubeview.40030.exe) Rogue Security Software, which we detect as Adware/MSAntiSpyware2009 or another rogue (AntiVirusInstaller.exe), which we detect as Adware/Anti-Virus-1. This case is especially interesting because it’s one of the few SEO attacks that we have seen targeting a single, specific brand,” explains security expert Sean-Paul Correll.
Rogue security software works by pretending to be a genuine security solution, but in fact it is malware. In this situation the whole things goes something like this: when you enter a search query in Google for example, something like how to change the drive belt for your Ford vehicle, you will get a list of search results, amongst which you will see poisoned results as well. When you click that result you will be directed to a web page where you are lead into believing that you can view a video related to your search query – just that you need to download a codec to see the video in question. The codec is in fact malware, rogue security software to be more precise which informs you that your system has been infected (hence the other name of this malware: scareware). Users that are fooled into purchasing this phony software are asked to provide their credit card details (which will then be used by the scammers to take all the money in your account).
The thing is that rogue security software is shaping up to be quite a bother these days, as confirmed by Microsoft’s Security Intelligence Report (SIR) volume 6 (details here) and reports about how the updated Conficker worm is trying to make money (details here).
“Today, we have uncovered a [blackhat SEO] campaign with over 1 Million links all targeting the Ford Motor Company. These attacks work by misleading search engines to falsely promote malicious pages to the top of the search results. Once the user visits one of the malicious sites, they are prompted to download and install a malicious "codec", which then installs the MS AntiSpyware 2009 (softwarefortubeview.40030.exe) Rogue Security Software, which we detect as Adware/MSAntiSpyware2009 or another rogue (AntiVirusInstaller.exe), which we detect as Adware/Anti-Virus-1. This case is especially interesting because it’s one of the few SEO attacks that we have seen targeting a single, specific brand,” explains security expert Sean-Paul Correll.
Rogue security software works by pretending to be a genuine security solution, but in fact it is malware. In this situation the whole things goes something like this: when you enter a search query in Google for example, something like how to change the drive belt for your Ford vehicle, you will get a list of search results, amongst which you will see poisoned results as well. When you click that result you will be directed to a web page where you are lead into believing that you can view a video related to your search query – just that you need to download a codec to see the video in question. The codec is in fact malware, rogue security software to be more precise which informs you that your system has been infected (hence the other name of this malware: scareware). Users that are fooled into purchasing this phony software are asked to provide their credit card details (which will then be used by the scammers to take all the money in your account).
The thing is that rogue security software is shaping up to be quite a bother these days, as confirmed by Microsoft’s Security Intelligence Report (SIR) volume 6 (details here) and reports about how the updated Conficker worm is trying to make money (details here).
