Fake AVs lure victims using Ford as bait

Panda Security’s antimalware laboratory has revealed that cyber-crooks are exploiting the current upheaval in America’s motor industry by launching a black hat SEO (Search Engine Optimization) attack using the name of embattled American car manufacturer Ford Motor Co. as bait to distribute malware on the Internet. The IT security vendor has discovered 1.2 million results in searches related to Ford which point to these malicious pages.

“If users searching for information about Ford click one of the malicious results, they are taken to a webpage in which it seems as if they are about to see a video,” explains Jeremy Matthews, head of Panda Security’s sub-Saharan operations. “If they try to watch the video, they will be prompted to download another program. This program, however, is really a fake antivirus. Panda has detected two fake antivirus programs that are distributed in this way: MSAntiSpyware2009 and Anti-Virus-1.”

These fake antiviruses are designed to make users believe that their computers have been infected by malware. They do this by simulating a scan of the system and supposedly detecting malware. Users are then offered the chance – through pop-ups and banners – to buy the paid version of the fake antivirus to clean their computers. If they don’t buy it, the malicious code will prevent the computer from operating properly in an attempt to force users into buying the product.

Over the last year, this type of malware has increased significantly. According to data from Panda, the number of variants of fake antiviruses increased one hundredfold between the first quarter of 2008 and the corresponding period in 2009. In fact, in the first three months of 2009 no fewer than 111,086 new strains of fake antiviruses were detected – 20% more than in the whole of 2008.

“What’s interesting about this attack, however, is that this is one of the only black hat SEO attacks to focus on a single brand,” concludes Matthews.

Watch a video describing the infection process here.

For more information about this infection, go to the PandaLabs blog.
