Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

Black Hat SEO Causing Malicious Search Results For Recent Haiti Earthquake

Date:01.13.2010

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has discovered that searches on terms related to the recent earthquake in Haiti return results leading to a rogue antivirus program. The earthquake, which happened on Tuesday near Port-au-Prince, had a magnitude of 7.0 and is said to be the most powerful earthquake to hit Haiti.



People around the world are searching the Internet to find the latest updates on this issue, wanting to know how to make charitable donations, trying to discover the extent of the calamity through photos or videos, and looking to see what their favorite artists and musicians are saying about the disaster. Unfortunately, the bad guys use major crises and events like this to spread their malicious code.

Maliciously engineered search results: 

 

Screen shot showing the rogue antivirus software: 

 

Malware sample 1:
20% AV coverage
SHA1 : e89ff91b9a279ac5e9e86c455f2150f2a0ffcf8f

Malware sample 2:
8% AV coverage
SHA-1: 4e58a12a9f722be0712517a0475fda60a8e94fdc

Malware sample 3:
20% AV coverage
SHA1 : ee6e18f8cfe65862e7fa0537ae4b95cb0fcb7ada

Websense® Messaging and Websense Web Security customers are protected against this attack.