Easter is around the corner and as expected, attackers have already started to poison search engine queries to redirect users to websites that deliver misleading applications. Various search keywords related to Easter have been poisoned in Internet search results so that links to rogue websites are returned in the search listings. Some of the examples of poisoned keywords are:
Popular Easter Bible verse scriptures
Easter greeting card verses
Easter Bible verses
Easter verses poems
Bible Easter verse
Easter Bible quotes
Here is a Google search results example (do not visit those sites):
Attackers are using various tricks, such as referrer checking, in order to evade security researchers. If the bogus domains returned in the search listing are visited directly, we will see a page with many Easter-related keywords and links used to bolster the page’s search ranking. However, if the bogus links are clicked on from the search engine results, users will be redirected to malicious websites delivering misleading applications. In addition, the attackers are using “no-store, no-cache” in their HTTP headers so that these malicious pages are not stored or cached. Below are a couple of snapshots of the poisoned search results:
These bogus domains are hosting malicious scripts that redirect users to websites delivering misleading applications. This script redirects users to a website that displays a fake antivirus “scan” screen and delivers a rogue application.
Many of these bogus domains in question are currently redirecting to wikipedia.org, which most likely means that the attackers will change the redirection to point to malicious domains sometime in the future.
Credit: Security Response Blogs, Symantec
More on CyberInsecure: