Security Labs

Alerts


Google Wave SEO Poisoning

Date: 09.30.2009

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker Network has detected that Google searches on terms related to Google Wave return results that lead to a rogue antivirus. Google Wave is the much talked-about, latest API hitting the collaboration scene today.

There's a lot of hype about the launch of Google Wave, not only because of the 'new' things it offers but also because Google invited only 100,000 lucky users to test the service. Given that, it's no surprise that users are drawn to this new application. Unfortunately, it's also no surprise that the bad guys are using this hype to manipulate search results.


[Screen shot: affected Google Wave-related Google search results]

[Screen shot: rogue AV]

Malware sample 1:
14% AV coverage (via VirusTotal at time of writing)
SHA-1: 4e58a12a9f722be0712517a0475fda60a8e94fdc

Malware sample 2:
17% AV coverage (via VirusTotal at time of writing)
SHA-1: 4e58a12a9f722be0712517a0475fda60a8e94fdc

Malware sample 3:
9% AV coverage (via VirusTotal at time of writing)
SHA-1: d372e0dfb260a20b6ff86e37566d3e6a8666bea7

Malware sample 4:
21% AV coverage (via VirusTotal at time of writing)
SHA-1: 9b7d9ae37bd78eff1a28b225b7ae25cf6a84efc5

Websense® Messaging and Websense Web Security customers are protected against this attack.