Web Hunt for British Escapee Could Produce Malware
Security researchers have cautioned that a BHSEO (Black Hat Search Engine Optimization) campaign is targeting Web-surfers looking for Raoul Moat's photos online. Moat is a man whom the British police are presently hunting. The online attack manipulates search results on Google Images to take Web-surfers to malware-serving URLs, as reported by SoftPedia on July 8, 2010.
British officials have been on alert since July 3, 2010 when Moat, equipped with a gun, killed his former girlfriend, her new boyfriend and a policeman.
As the manhunt has been on for five days, the UK public is trying to get updated news about the incident. The incident has drawn worldwide attention as well, so many people outside Britain are also going online for new details of the entire episode. Simultaneously, malware purveyors have become active too and are exploiting the situation.
Christopher Boyd, a malware researcher at Sunbelt (an antivirus company), has cautioned that using Google Images to search for "Raoul Moat" will return malicious URLs, as reported by SoftPedia on July 8, 2010.
In a blog post, Boyd notes that every Google Images search result, right from the top, diverts users to serveradobe.co.cc. The URL displays a bogus "Install this" prompt, after which a file named V11_adobe_flash.exe is pushed for download. Sunbelt has identified this file as malware called VirTool.Win32.Obfuscator.hg!b (v).
Out of 41 antivirus programs on VirusTotal (a free Internet scan service for malware and viruses), 11 could detect VirTool, a somewhat low rate. While the security investigators at Sunbelt are still working to understand the file, it appears to be fake antivirus software or something similar.
Meanwhile, the security researchers stated that the BHSEO manipulation spree seemed to be in full swing, rendering the results in Image Search useless and loading them all with spurious Web-links.
The security specialists therefore advise Web-surfers to remain vigilant about the campaign. They also advise deploying all the essential security software and keeping it up to date to avoid getting trapped.
» SPAMfighter News - 20-07-2010