Patrik Runald, chief security advisor at F-Secure, has discovered that as the ‘Mikeyy' worm hit the headlines over the weekend, spammers have taken advantage to use search engine optimisation techniques to spread malicious links.
Runald claimed that it was “no surprise at all that Google searches for information about the Twitter worm would lead to malware sites; it was really just a matter of time. Especially not after all the talk about it over the weekend and the guy behind it confessing everything. Malicious search results about popular news are something we see very often unfortunately.”
F-Secure showed that a search for the ‘Twitter worm' on Google gave a malicious link in the top ten results, and clicking on the link will redirect to ‘videxxxxxs.cn' which immediately redirects you to 'loyxxxxxxno.com' which tricks you into downloading a fake video codec from ‘cxxxxxxxxaz.com'. Runald claimed that the fake codec is malware, a Trojan downloader that downloads some additional malware, including a rogue security product called WinPC Defender, which shows fake malware detections. He later posted an update that revealed searching for ‘Mikeyy' also leads to malicious results.
Runald said: “Like all rogue security products it will tell you that you have malware on your PC and that you have to buy the product to remove them. This is more expensive then usual though as they want you to pay US$69.99 when the usual rate seem to be US$39.95.”
See original article on scmagazineuk.com