R3v3rs3e's Blog

Posts Tagged ‘SEO’

SEO Poisoning scores a goal at the 2010 Winter Olympics

Posted by Steve Espino on February 23, 2010


Blog entry here

Posted in Malicious Intent, Rogue Apps

Another Shameless SEO based on Atlanta Flooding

Posted by Steve Espino on September 22, 2009

Users Googling “Atlanta flood pictures” are being served yet another SEO attack, this one using a possibly compromised legitimate Australian website hosting restaurants in the famous Bondi area.

Here’s a screenshot of a Google search result:
[Image: atlanta_flood_google]

A Fiddler capture shows us the redirections:
[Image: atlanta_fiddle]

So we go from
hxxp://idrb.com/pdf_files/atlanta-flood-pictures.html
>hxxp://06d.ru/t.php
>>hxxp://read-cnn2.com/?pid=207&sid=de9f8f
>>>hxxp://winfixscanner7.com/scan1/?pid=207&engine=pHTyzjTyMzEyOS44Mi4xOTAmdGltZT0xMjUuNgAMPAVN

An installer named Soft_207.exe will be presented for download, which PC Tools Spyware Doctor with Antivirus aptly detects as RogueAntiSpyware.TotalSecurity.

At the moment, the PC Tools Malware Research Centre has observed the following domains being used for the distribution:
winfixscanner7(dot)com
15scanner(dot)com

These domains resolve to the following IP addresses:
89.47.237.55
89.248.174.61
213.163.89.60

But knowing the trend in scareware, there could be heaps more domains being created as we speak.

PC Tools Spyware Doctor with Antivirus protects its users from RogueAntiSpyware.TotalSecurity.
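
As an added example (not part of the original post), this Python parses the redirect chain exactly as it is written above, defanged `hxxp` scheme and `>` depth markers included, and reports the host changes and whether the `pid` value carried across hops also shows up in the installer name. Reading `pid` as a campaign tag is an assumption; nothing is fetched.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Redirect chain copied from the post (defanged; '>' count marks hop depth).
CHAIN = """\
hxxp://idrb.com/pdf_files/atlanta-flood-pictures.html
>hxxp://06d.ru/t.php
>>hxxp://read-cnn2.com/?pid=207&sid=de9f8f
>>>hxxp://winfixscanner7.com/scan1/?pid=207&engine=pHTyzjTyMzEyOS44Mi4xOTAmdGltZT0xMjUuNgAMPAVN
"""
INSTALLER = "Soft_207.exe"  # installer name given in the post

def parse_chain(text):
    """Return one dict per hop: depth, host, path and query parameters."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"(>*)\s*(hxxps?://\S+)$", line.strip())
        if not m:
            continue
        # Swap the scheme only so urlsplit can parse it; no request is made.
        url = urlsplit(m.group(2).replace("hxxp", "http", 1))
        hops.append({"depth": len(m.group(1)), "host": url.hostname,
                     "path": url.path, "params": parse_qs(url.query)})
    return hops

def summarize(hops, installer):
    """Derive reviewable facts: host changes, repeated pid, installer match."""
    hosts = [h["host"] for h in hops]
    host_changes = sum(a != b for a, b in zip(hosts, hosts[1:]))
    # Assumption: 'pid' is a campaign tag; keep values seen on more than one hop.
    pids = [v for h in hops for v in h["params"].get("pid", [])]
    shared = sorted({p for p in pids if pids.count(p) > 1})
    # A shared pid that appears as a whole number in the installer file name.
    tagged = [p for p in shared
              if re.search(rf"(?<!\d){re.escape(p)}(?!\d)", installer)]
    depths_ok = [h["depth"] for h in hops] == list(range(len(hops)))
    return {"hops": len(hops), "host_changes": host_changes,
            "shared_pid": shared, "pid_in_installer": tagged,
            "depths_sequential": depths_ok}

if __name__ == "__main__":
    for key, value in summarize(parse_chain(CHAIN), INSTALLER).items():
        print(f"{key}: {value}")
```

Four hops across four different hosts, with the same `pid` on the last two hops and in the file name, is the kind of pattern a proxy-log review can key on even after the domains rotate.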
