Scareware Distributors Exploit Royal Engagement Announcement

The British Royal Family, on November 15, 2010, opened up an immense opportunity for scareware marketing that may last months when Prince William declared that he would wed Ms. Kate Middleton, his long-standing companion, in 2011.

Immediately as this news appeared, Tech Herald issued an elaborate report on Black Hat Search Engine Optimization (BHSEO) manipulations wherein cyber-criminals compromise keywords in search engines so as to raise their malevolent websites near the top search results.

On November 16, 2010, Tech Herald reported that when Prince William's engagement news struck their American wires, they began looking for live instances pertaining to search poisoning in connection with the event.

Thereafter, while the security company examined the search returns, it warned that the BHSEO schemes attacking Web-surfers who hunted information regarding the grand engagement on search engines had already begun. The company also reported that phrases associated with "Prince William engagement," "royal wedding prince William" "Kate Middleton Prince William" along with their variants were displaying indications of compromise as well as were hitherto the most viciously targeted search phrases.

Warned Tech Herald's researchers, each of the malevolent web-links displayed within search returns associated with the aforementioned phrases diverted Web-surfers onto sites, which forced bogus anti-virus software, popularly called rogueware or scareware.

The researchers, while elaborating on the danger stated that according to the Web-browsers end-users used, following the compromised web-links would take them onto one copycat YouTube page presenting codec for a video, alternatively malware alerts from scareware programs. That's because the code pushing the latest assaults split Web-traffic according to what browser a surfer used, say users of Internet Explorer would end up on bogus codec sites alternatively a rogue anti-virus scan.

Meanwhile, Users of Firefox would land on a false "What's New" web-page that was normally exhibited following an update of the Web-browser, informing them about a fresh Flash Player edition; however, the hijacked web-links would take them onto a redirector which connected with hxxp://friefox.ddns.pl.

Hence, the security researchers recommend that users, while surfing on the Web must use an effective anti-virus program as also instantly shutdown all sites that present .exe files.

Related article: SecureWorks Identifies Bank and Information Stealing Trojan Coreflood

» SPAMfighter News - 11/23/2010