More Than a Million False Domains Download Malware Using Ford Motor Company as Bait, Says PandaLabs

SEO techniques used to manipulate search results for Ford, improving indexing of malicious pages to distribute MSAntiSpyware2009 and Anti-Virus-1 fake antiviruses.

PandaLabs, Panda Security's malware analysis and detection laboratory, has detected a black hat Search Engine Optimization (SEO) attack using the Ford Motor Company name as bait to distribute malware on the Internet. Specifically, PandaLabs has discovered 1.2 million results in searches related to the well-known car manufacturer which point to these malicious pages. To watch a video that showcases the infection process, please visit: http://vimeo.com/4143942.
The malware is distributed when users searching for information about Ford click on one of the malicious search results and are taken to a Web page in which it appears they are about to see a video. If users try to watch the video, they will be prompted to download another program. This program, however, is actually a fake antivirus. PandaLabs has detected two fake antivirus programs that are distributed in this way: MSAntiSpyware2009 and Anti-Virus-1.
These fake antivirus programs are designed to make users believe that their computers have been infected by malware. This is done by simulating a scan of the victim's computer system and detecting fake malware. Users are then offered the chance - through pop-ups and banner ads - to buy the fake antivirus to clean their computers. If the victim does not purchase the bogus antivirus, the malicious code will prevent the computer from operating properly in an attempt to coax users into buying the product.
This type of malware has increased significantly over the last year. According to data from PandaLabs, the number of variants of fake antivirus programs has increased one hundredfold between the first quarter of 2008 and the corresponding period in 2009. During the first three months of 2009, no fewer than 111,086 new strains of fake antivirus programs were detected, 20 percent more than in the whole of 2008. A graphical overview of the evolution of the fake antivirus can be found here: http://www.flickr.com/photos/panda_security/3441234975/
"These malicious codes are designed to generate profits for their creators by deceiving users into purchasing fake antivirus software via credit card. Not only are victims charged for the fake product, but they also disclose their personal financial information to cyber-criminals," explains Luis Corrons, Technical Director of PandaLabs. "One of the most notable features of this infection is that it is one of the few black hat SEO attacks that focus on a single brand."
More information about this infection is available at the PandaLabs blog: http://pandalabs.pandasecurity.com/archive/Targeted-Blackhat-SEO-Attack-against-Ford-Motor-Co_2E00_.aspx
About PandaLabs
Since 1990, PandaLabs' mission has been to detect and eliminate new threats as rapidly as possible to offer its clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of Collective Intelligence, Panda Security's new security model, which can even detect malware that has evaded other security solutions.
Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of Collective Intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

 

 