Hackers are exploiting common search engine optimisation (SEO) tactics to deliver malware to unsuspecting end users, according to security vendor Marshal.
These hackers are using SEO tools such as Google Trends to identify the keywords that end users commonly search for on search engines.
The hackers then create blogs laden with malware that are targeted at these popular keywords in the hope that end users will arrive at the sites through a Google search, infecting their computer in the process.
Phil Hay, analyst at Marshal, explained with the example of the search term ‘OJ Simpson Verdict’.
“The criminals identify this as a ‘hot’ search term and then ensure their Windows Live Spaces blog contains ‘OJ Simpson Verdict’. This promotes the blog up the order in Google search results and increases the chances that users will hit those web pages,” Hay said.
Once at one of these malware-laden blogs, users are directed to download a ‘codec’ to allow them to watch an embedded video.
In reality, this ‘codec’ is a piece of malware that identifies itself as antivirus software. The fraudulent software then prompts users for credit card details and promises to rid the user’s computer of viruses.
“Once installed, the program pops up and tells you it has found viruses on your computer and offers to clean these if you are willing to pay via credit card. The viruses the program reports are fake, the program itself is fake and the so-called legitimate company you deal with is fake,” Hay said.
“The whole thing is a con designed to part you from your money. It is fairly sophisticated and convincing.”
