Swine Flu Topic used in SEO to spread Malware

Date: 05.08.2009

Threat Type: Malicious Web Site / Malicious Code

As swine flu spreads throughout the world, Websense Security Labs™ ThreatSeeker™ Network has noticed that thousands of Web sites relating to swine flu have been registered. Our monitoring indicates that most of these sites are used for advertising or for email/Web spam that sells products, but the topic also offers plenty of opportunity for malware.

We discovered that some Web sites are using the swine flu topic to spread malware. Interestingly, the sites we found redirect users to a malicious Web site only when the users arrive through certain search engines. The targeted search engines are the most popular ones, such as Google, Yahoo, and AOL. When a user searches using swine flu-related search terms, the malicious sites are returned as high as the fifth result on Google.

The malicious Web site that users are redirected to is typical: it asks the user to install a missing codec to watch a video, and the downloaded codec is a Trojan Downloader. Until now, these kinds of sites have just used hot topics to attract users; we suspect that they will use more advanced SEO techniques to infect more users in the future.
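One way to check for the referrer-dependent redirection described above, as an added example rather than Websense's own code: compare how a URL responds with and without a search-engine Referer and flag pages that send only search visitors off-site. The record fields (`url`, `referer`, `status`, `location`, `body`) and all `.example` hosts are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import urlparse

SEARCH_LABELS = {"google", "yahoo", "aol"}  # engines named in the alert
# Client-side redirect: meta refresh, or a script assigning to location.
CLIENT_REDIRECT = re.compile(
    r"""(?:http-equiv=["']?refresh[^>]*url=|location(?:\.href)?\s*=\s*)["']?(https?://[^"'\s>;]+)""",
    re.IGNORECASE)

def from_search(referer):
    host = urlparse(referer or "").hostname or ""
    return bool(SEARCH_LABELS & set(host.split(".")))

def redirect_target(rec):
    """URL the response sends the browser to (3xx Location or in-page), else None."""
    if 300 <= rec["status"] < 400 and rec.get("location"):
        return rec["location"]
    m = CLIENT_REDIRECT.search(rec.get("body", ""))
    return m.group(1) if m else None

def cloaked_urls(records):
    """URLs that redirect off-site only when the Referer is a search engine."""
    seen = {}  # url -> {True: targets seen via search, False: targets seen otherwise}
    for rec in records:
        buckets = seen.setdefault(rec["url"], {True: set(), False: set()})
        buckets[from_search(rec.get("referer"))].add(redirect_target(rec))
    flagged = {}
    for url, b in seen.items():
        site = urlparse(url).hostname
        only_search = {t for t in b[True] - b[False]
                       if t and urlparse(t).hostname != site}
        if only_search and b[False]:  # need a non-search fetch to compare against
            flagged[url] = sorted(only_search)
    return flagged

# Constructed sample records; field names and .example hosts are assumptions.
RECORDS = [
    {"url": "http://flu-info.example/", "referer": "", "status": 200, "body": "<h1>Flu info</h1>"},
    {"url": "http://flu-info.example/", "referer": "http://www.google.com/search?q=swine+flu",
     "status": 302, "location": "http://codec-video.example/watch"},
    {"url": "http://flu-blog.example/", "referer": "", "status": 301, "location": "http://flu-blog.example/home"},
    {"url": "http://flu-blog.example/", "referer": "http://search.yahoo.com/search?p=swine+flu",
     "status": 200, "body": "<script>window.location = 'http://flu-blog.example/home';</script>"},
    {"url": "http://flu-tips.example/", "referer": "http://search.aol.com/aol/search?q=flu",
     "status": 200, "body": '<meta http-equiv="refresh" content="0;url=http://codec-video.example/watch">'},
    {"url": "http://flu-tips.example/", "referer": "http://forum.example/thread", "status": 200, "body": "<p>tips</p>"},
]

if __name__ == "__main__":
    print(cloaked_urls(RECORDS))
```

A page that redirects every visitor to the same place, like the constructed `flu-blog.example` entry, is not flagged; only a difference between search-referred and other fetches is.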

Screenshot of the malicious code:

Screenshot of malicious Web site:

Websense® Messaging and Websense Web Security customers are protected against this attack.