Rise in Rogue Antivirus Black hat SEO campaign (Mar 11, 2010)


SonicWALL UTM Research team monitored a big spike in the Rogue Antivirus Black hat Search Engine Optimization (SEO) campaign targeting Google hot search terms recently. More details about Rogue Antivirus using SEO to infect users can be found here.

The spike was observed during the weekend of the most anticipated event – 82nd Annual Academy Awards which usually draws huge public interest in searching for news related to it. This SEO poisoning trend targeting Oscar related searches continued until March 10, 2010.

Following search terms related to Oscars that featured in Top 20 hot searches were amongst the most targeted:

  • “printable oscar ballot”
  • “academy awards 2010 time”
  • “oscar ballot 2010 printable”
  • “oscars 2010 date and time”
  • “what time does the oscars start”
  • “oscars 2010 tv schedule”
  • “oscars channel”
  • “what time do the oscars start 2010”
  • “sandra bullock oscar acceptance speech”
  • “elinor burkett oscars”
  • “oscar winners 2010 list”
  • “judd nelson oscars”
  • “sean penn oscars 2010”
  • “worst dressed oscars 2010”
  • “john hughes oscar tribute video”

The graph below highlights the spike observed since the weekend of March 6 – 7, 2010:


SonicWALL Gateway AntiVirus (GAV) provides protection against these malicious websites serving Rogue AV via GAV: FakeAV#html_16 (Trojan) and GAV: FakeAV#html_17 (Trojan) signatures. SonicWALL GAV customers were protected against this recent spike as evident from the signature hits below:



Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.