Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 26th, 2009

Easter Related Search Engine Results Poisoned, Redirect Users To Malicious Applications

Easter is around the corner and as expected, attackers have already started to poison search engine queries to redirect users to websites that deliver misleading applications. Various search keywords related to Easter have been poisoned in Internet search results so that links to rogue websites are returned in the search listings. Some of the examples of poisoned keywords are:

Easter verse

Popular Easter Bible verse scriptures

Easter greeting card verses

Easter Bible verses

Easter verses poems

Bible Easter verse


Easter Bible quotes

Here is a Google search results example (do not visit those sites):

Attackers are using various tricks, such as referrer checking, in order to evade security researchers. If the bogus domains returned in the search listing are visited directly, we will see a page with many Easter-related keywords and links used to bolster the page’s search ranking. However, if the bogus links are clicked on from the search engine results, users will be redirected to malicious websites delivering misleading applications. In addition, the attackers are using “no-store, no-cache” in their HTTP headers so that these malicious pages are not stored or cached. Below are a couple of snapshots of the poisoned search results:

These bogus domains are hosting malicious scripts that redirect users to websites delivering misleading applications. This script redirects users to a website that displays a fake antivirus “scan” screen and delivers a rogue application.

Many of these bogus domains in question are currently redirecting to, which most likely means that the attackers will change the redirection to point to malicious domains sometime in the future.

Credit: Security Response Blogs, Symantec

Share this item with others:

More on CyberInsecure:
  • Office.Microsoft.Com Search Results Can Lead To Rogue Anti-Virus
  • Google Doodle Poisoned By Rogue Anti-virus Scareware
  • Compromised Museum Website Infecting Image Search Referred Visitors
  • Site Evaluation Results
  • Cross-site Scripting Vulnerability Found In MI5 Website By A Hacker

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Easter Related Search Engine Results Poisoned, Redirect Users To Malicious Applications

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.