Scareware SEO attack exploits engagement of Prince William and Kate Middleton

Filed Under: Malware, SophosLabs, Video

Yesterday, the news wires were hot with the announcement of the engagement of Prince William to Kate Middleton. As ever with hot news stories, one thing is inevitable. It is just a matter of time before the story is picked up and used in blackhat search engine optimisation (SEO) attacks.

Here's a YouTube video demonstrating the attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Searching for 'kate middleton + william' revealed a huge number of results, including several images on the first page of the results.

Royal family engagement images

Unfortunately, some of these images are actually within malicious SEO pages, and clicking through to them results in an immediate redirect to a rogue web site, where the user is greeted with a warning message.

Warning message

From here on, it is the usual fake anti-virus trickery, starting with the fake system scan.

Fake anti-virus scan

The user is tricked into downloading and installing the fake anti-virus (which is using the filename inst.exe at the time of writing). Once installed, our old friend Security Tool runs a scan of the system.

Fake anti-virus

Happily Sophos customers are pro-actively protected from this spate of attacks - the fake anti-virus malware is already detected (as Mal/FakeAV-EE).

For those looking to understand a little more about how SEO attacks are constructed, take a read through the paper we recently posted.

, , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web related threats.