Websense Alerts of Microsoft Fake Antivirus
According to the security company Websense, search results for Microsoft Office homepage are taking Web-surfers to a page that hosts fake antivirus software. Specifically, people hunting for suggestions and help related to Office programs on office.microsoft.com are becoming hackers' target, the company cautions.
Websense states that Web-users may not know that their search for the website makes Microsoft to search its own site. While this search by the company produces the normal results, it downloads more from the broader Web. Since each of the search results' URLs starts with http://office.microsoft.com, some crafty results could especially pose danger to surfers who have faith in reputed websites.
In the present case, the URL redirects Web-surfer to an extremely authentic-appearing virus scan. There also opens up an alert page, saying that the user's computer is infected, followed by a fake AV program. If anyone clicks on the alert, an .exe file gets downloaded that contaminates the user's system.
Besides, this problem is created because web filtering programs let these URLs pass since they have the "office.microsoft.com" prefix.
Websense reveals that one out of 41 antivirus products listed on Virus Total has been able to recognize the executable encoded to the exploit.
According to the researchers, this malicious development shows that there's often misuse of people's trust on the Net. When they search on any major search engine like Yahoo, Google etc., they know that they wouldn't get the results as safe every time. However, in the instance of Microsoft search, it becomes evident how people easily repose faith in the results related to the URL.
The researchers stated that users were already aware of the increasing problem of malicious SEO (search engine optimization) tactics across the Web. However, it was unexpected to find the use of SEO to target Microsoft's customers who utilize a vendor website for search. Meanwhile, Red Condor, another security company, reported that one more scam exploited Microsoft's name for disseminating certain Trojan namely, Zbot.
Related article: Websense Discovered Malicious Social Networking Spam Campaign
» SPAMfighter News - 20-01-2010