Alert From the Websense Security Labs: Veterans Day spurs poisoned search- update
November 2010 by Websense
November is the time of the year when we remember those who sacrificed their lives for us during wars and it is Veterans Day today in USA, and Remembrance Day in the UK. As usual the cybercriminals are using events as an opportunity to spread malware and spam. Search terms like veterans day, veteran’s day 2010, veterans day events, veterans day california and veteran’s day honolulu return poisoned Web results.
The poisoned results’ redirection pages are now up and running. Firefox users will be redirected to a fake Firefox update page, prompting them to download a file called firefox-update.exe, which is detected as malicious by only 13/40 VT engines. For those using Internet Explorer, the ever-so-familiar Rogue AV page is where users are redirected.
Malware pushers also decided to use poisoned image results. Unlike the poisoned Web search results, poisoned image results have been active since Monday. The payload is also browser-based today, although it was serving up rogue AV regardless of the browser last Monday.
Finally, spammers want their share of the pie as well, so when you look at the results under videos, a slew of adult content is returned. Of course this is in addition to the spam emails that spammers have been distributing since last week.
"We have seen how business-minded malware pushers are. One code is used in two different events (Veterans Day and Midterm elections from last week) . As always, be cautious clicking on search results. It’s not every time that the "This site may harm your computer" warning is there to save the day, especially in video and image search results. Moreover, keep in mind that malware pushers are diversifying their portfolio by including poisoned image search results more and more." said Elad Sharf, Websense Security Labs