Websense Security Labs’ alert
January 2010 by Websense
Websense Security Labs™ has discovered that a popular video called "Paignton Ice Skating for Cars" has been targeted by both Search Engine Optimisation (SEO) poisoning attacks as well as Web spam. They will shortly issue an alert on this.
As a severe winter weather is currently hitting large parts of Europe, the video proved to be very popular with currently more than 850,000 hits on Yahoo Video and Youtube - which together with different uploaded versions, is more than one million views and growing. Criminals have used the video’s popularity as an opportunity to spread rogue AVs by poisoning search results of major search engines. When the term ’ice skating car’ is searched via Google nearly half of the searching results on the first page redirect to rogue AV sites. Clicking on those links, the user is redirected to a Web site showing this message: ’Your PC is at risk of virus and malware attack’ - that’s an old trick used to lure unsuspecting users to download a fake AV installer.
– Screenshot of the first page when searching ’Ice Skating Car’ in Google:
– Screenshot of the fake AV site:
The black search results in Google redirect the user through several sites, some of which are hosted in Russia, before finally landing in the rogue AV site. Cyber criminals often change the second site in the redirection chain – in order to make it harder for detection. The file currently has relatively low AV detection rate.