Scareware Purveyors Abuse Drug That Cures MS

Researchers from security company GFI Software, earlier called Sunbelt, are cautioning that one fresh BHSEO (Black-Hat Search Engine Optimization) scam is producing corrupt search hits associated with one fresh drug that cures MS (multiple sclerosis), with malevolent web-links.

Recently, Novartis a pharmaceutical firm declared that FDA (Food and Drug Administration) endorsed Gilenya, a medicine that helped to cure multiple sclerosis while it relapsed in the patient.

And as the pill hit the headlines, cyber-criminals thought of using the name well for their SEO attack. Primarily the crooks in their attempts to make money are exploiting those inflicted with MS along with those taking care of the patients.

So, when anyone spelled Gilenya incorrectly as 'Gilenia' the corrupt search results came on the screen. These then downloaded one Trojan, which in turn downloaded a scareware or something even bad.

Warns GFI Software, anyone using Google to hunt for details of 'Gilenia,' will most likely be led onto malicious web-pages. Additionally, Softpedia reports in news published on September 25, 2010 that 4 search results from the highest-ranking 5 related to "Gilenia price" take Web-surfers onto websites that disseminate scareware. The same happens when the search is done for "Gilenia side effects" or "Gilenia cost."

Meanwhile, the Safe Browsing service of Google hasn't yet blacklisted the malicious pages labeling them with "This site may harm your computer" alert. Consequently, it implies that the BHSEO scam has just started circulating and is pretty active too.

Researchers at GFI Software, in the meantime, have detected the scareware as FraudTool.Win32.FakeVimes!VB (v).

They, while remarking about this attack, say that whenever a big event occurs, it's accompanied with scams that fraudsters leverage. Basically, the cyber-criminals exploit hot topics and breaking news as bait for users who're tricked into opening unsolicited e-mails else clicking malevolent links. Consequently, such users in addition to handing over their money get personal credit cards compromised too.

To remain safe from infection, specialists therefore suggest users to deploy an anti-virus which in addition to hunting for malware also prevents malevolent websites from opening, and further they must load the Search Engine Security extension available for free.

Related article: SecureWorks Identifies Bank and Information Stealing Trojan Coreflood

» SPAMfighter News - 10/5/2010