
Rogue Anti-Virus SEO Poisoning: Kanye West, Taylor Swift, Obama, Annie Le

09.16.2009 - 5:18 PM

SEO poisoning is fast becoming a trend in spreading rogue anti-virus software. This type of attack, coupled with relevant news items that might be of interest to users from all walks of life, is a lethal combination. Search terms related to the recent MTV Video Music Awards brouhaha and President Obama’s off-the-record comments about Kanye West, as well as updates on murdered Yale graduate student Annie Le, are the latest targets.

Screenshot showing affected VMA-related Google search results: 


Screenshot showing affected Annie Le-related Google search results: 


Upon visiting these search results, visitors would be presented with the standard fake/rogue AV Web site. To make matters worse, (real) anti-virus products have very poor detection rates.

Malware sample 1:
2% AV coverage (via Virustotal at time of writing)
SHA-1: 2ecffb9efe94174ee9e1a65c8105bc647214a94b

Malware sample 2:
7% AV coverage (via Virustotal at time of writing)
SHA-1: 1ba4d50c660e5beeeb32beb8eef3da44b20491b5

Screenshots of the fake AV Web site that the search results lead to:


Security Analyst: Mary Grace Timcang
