Have you ever read an article on the web where you just had to Google a certain term or phrase to learn more about it, or even just to satisfy your own curiosity? The answer is likely yes, and it’s probably a frequent occurrence. That’s what malware distributers have figured out. Here’s an example. A news article about disgraced financier Bernard Madoff made mention of his 55-foot yacht; a 1969 Rybovich. Wow, I bet that’s a spectacular yacht. If you wonder what one looks like, perhaps you might do a quick search for “1969 Rybovich.” One may think such a casual search would be harmless. Think again. It turns out Malware distributors have honed in on the yacht phrase and the top Google results are malicious URLs. We first noticed this on the evening of April 1 when we first read the story and were curious – and our first take was “Wow, they are fast”. Â Â We watched the evolution of the number of google results that presented malware over the course of April 2. The last we checked – even one of the blogs off of my.barackobama.com was utilizing this yacht to lure users.
The search results don’t look so threatening, but if you are to click on the first few URLs, you’ll find differently. Each of these URLs is a rouge anti-virus URL that will distribute malware. Here are a couple of examples…
These two examples should arouse suspicion by now, especially if you’re looking for yachts, but anyone acting in haste, or succumbing to further curiosity will be taken to the malware delivery upon clicking where prompted, and frequently it’s already been delivered even if you don’t click.
This example is quite typical of what you’ll see next when you click, a fake malware scan that delivers the malicious goods. It looks just like an MS scanner!!!
So what about that 1969 Rybovich? What about further curiosity based Googling? Next time you find yourself conducting such a search, do so with caution. Consider if the search result URLs all look similar. In this case, that is first red flag of caution. When you click to go to a link; does the content look like what you expected or is there some unexpected prompt to click? This is red flag number two. One shouldn’t even proceed onto red flag number three to see the fake malware scan. Already you’re taking a dangerous path that is not going to show you anything about Madoff’s yacht.