Rise in Rogue Antivirus Black hat SEO campaign (Mar 11, 2010)
SonicWALL UTM Research team monitored a big spike in the Rogue Antivirus Black hat Search Engine Optimization (SEO) campaign targeting Google hot search terms recently. More details about Rogue Antivirus using SEO to infect users can be found here.
The spike was observed during the weekend of the most anticipated event – 82nd Annual Academy Awards which usually draws huge public interest in searching for news related to it. This SEO poisoning trend targeting Oscar related searches continued until March 10, 2010.
Following search terms related to Oscars that featured in Top 20 hot searches were amongst the most targeted:
- “printable oscar ballot”
- “academy awards 2010 time”
- “oscar ballot 2010 printable”
- “oscars 2010 date and time”
- “what time does the oscars start”
- “oscars 2010 tv schedule”
- “oscars channel”
- “what time do the oscars start 2010”
- “sandra bullock oscar acceptance speech”
- “elinor burkett oscars”
- “oscar winners 2010 list”
- “judd nelson oscars”
- “sean penn oscars 2010”
- “worst dressed oscars 2010”
- “john hughes oscar tribute video”
The graph below highlights the spike observed since the weekend of March 6 – 7, 2010:
SonicWALL Gateway AntiVirus (GAV) provides protection against these malicious websites serving Rogue AV via GAV: FakeAV#html_16 (Trojan) and GAV: FakeAV#html_17 (Trojan) signatures. SonicWALL GAV customers were protected against this recent spike as evident from the signature hits below:
