Google’s Doodles Abused for Disseminating Malicious Software; Avira

Security investigators from Avira a security company caution that cyber-criminals in attempts to spread malware onto end-users' computers are cashing in on the search results that are obtained from Google's doodles.

Understandably, Google habitually celebrates different vacations or honors various people via the alteration of its logos that are replaced with pictures designed particularly for that event and subsequently named as "doodles." And incase the celebration is of global stature, Google alters each of its localized Internet sites' relevant logos. But, if end-users click on these doodles they're taken onto a Google's set of search results that are obtained for certain search phrases, bearing an association with the event.

Recently, during the 2nd-week of May 2011, Google posted a doodle in place of its logo to honor Martha Graham who's a globally-renowned modern dance celebrity based in USA.

However, anyone who followed the doodle was likely to find preview graphics showing the art dancer. But, a few of those graphics comprised web-links leading onto a scareware website, which asserted that following a malware-scan of the end-user's computer, infection was discovered on it. Meanwhile, a Google hunt for 'Martha Graham' keeps resulting in those graphics.

Subsequently, if the Web-surfer lands on the scareware website, he's presented with the SecurityScanner.exe file meant for downloading so that the so-called malware issue can be solved, but the file actually is laden with malware.

Disturbingly, merely 4 scan-engines from the 42 of VirusTotal detected SecurityScanner.exe as malicious. When security researchers conducted an experiment, it was found that the fake anti-virus software contaminated Windows 7 computers on which MSE2 (Microsoft Security Essentials 2) was enabled. The scareware deactivated MSE2 as also placed itself as 'Win 7 Home Security 2011' on the computer's security system, while displaying itself as non-enabled. Thereafter, it asked end-users for 60 euros for enabling it, although the contaminated computer couldn't be used anymore.

Conclusively, security researchers recommend end-users that they should overlook websites which present unsolicited file downloads. Nevertheless, incase anyone does take down a file he should scrutinize it using an authorized security software for determining if the file actually bears authenticity or not.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 5/25/2011