BlackHat SEO Abuse Of UK General Election
Websense Security Labs™ ThreatSeeker™ Network has discovered that search terms relating to the UK General Election are delivering rogue antivirus to end users through the use of BlackHat SEO.
The British General Election polls closed yesterday, and news of the results is gradually making its way into traditional press and online media. Malware authors are abusing the topical nature of the event to direct users to rogue (fake) antivirus applications. The payloads are hosted by a Polish Web hosting provider, a trend that we have seen recently.
[Screenshot: Google search result]
Typical search terms that will return malicious links include:
- uk election news
- uk election
- british election 2010
- british election results
- uk general election 2010
The user is directed to a Web site delivering rogue antivirus.
A VirusTotal result of the payload file (SHA1: 15e1cdebe76aafb97409c4354cf8724542208f8c) shows only a 25% detection rate by AV vendors.
Websense Messaging and Websense Web Security customers are protected against this attack.