FYI...

Yahoo! sponsored search results lead to rogues
* http://preview.tinyurl.com/db25xj
03-10-2009 - Symantec Security Response Blog - "Search engines are often used by attackers as platforms from which to deliver malicious code. A while ago it was reported that Google was serving up advertisements that led to misleading applications (also known as rogue antispyware products). This time, the malicious code authors are using “Yahoo! Sponsored Search” listings as a means to promote a misleading product called ”Antivirus & Security.” Antivirus-2009-new .com and Antivirus-pro-download .com are returned in Yahoo!... The sponsored search result leads to antivirus-2009-new .com and antivirus-pro-download .com, where users are asked to make a payment to buy a membership in order to obtain the product.
>>> Instead of using techniques like search engine optimization (SEO) poisoning to get the opt listing in the search engine results, attackers are using Yahoo’s advertising services to display their advertisement on all websites that display Yahoo’s sponsored search results...
Fortunately, these sponsored listings have since been cleaned up and all websites that display sponsored search results from Yahoo, and no longer appear to be displaying these misleading advertisements. However, links to this website in forum comments and other website pages still can be found. A Yahoo search returned around 9,000 results and a Google search returned around 5,000 results when searching for “antivirus-2009-new .com.” For “antivirus-pro-download .com,” Yahoo returned around 10,000 results and Google returned around 1,650 results..."

(Screenshots available at the Symantec URL* above.)



This post has been edited by AplusWebMaster: Mar 12 2009, 03:08 AM

FYI...

Redirects to scareware - Thousands of web sites compromised
- http://blogs.zdnet.com/security/?p=4947
November 17, 2009 - "Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe)*, commonly referred to as scareware. More details on the campaign: The compromised sites are using legitimately looking templates using automatically generated bogus content, with a tiny css.js** (Trojan-Downloader.JS.FraudLoad) uploaded on each of them which triggers the scareware campaign only if the visitor is coming a search engine listed as known http referrer by the gang - in this case Google, Yahoo, Live, Altavista, and Baidu... the massive blackat SEO campaign has been launched by the same people who operate/or manage the campaigns for the Koobface botnet..."
* http://www.virustotal.com/analisis/86c36d1...687e-1258481993
File nnovv_Inst_312s2.exe received on 2009.11.17 18:19:53 (UTC)
Result: 1/41 (2.44%)
** http://www.virustotal.com/analisis/7892e2b...63be-1258479383
File css.js received on 2009.11.17 17:36:23 (UTC)
Result: 7/41 (17.07%)

- http://blog.trendmicro.com/fake-blogs-lead-to-fakeav/
Nov. 19, 2009

- http://blogs.zdnet.com/security/?p=4297&page=2
"... the claims that “You’re Infected!; Windows has been infected; Warning: Malware Infections founds; Malware threat detected” should be considered as a fear mongering tactic..."



This post has been edited by AplusWebMaster: Nov 19 2009, 06:59 AM