Tuesday 30 March 2010

"MW2 map pack release time" black SEO campaign leads to malware

I'm not a huge fan of Call of Duty, but it seems that Call of Duty Modern Warfare 2 Stimulus package release is hot topic right now. Everybody is talking about this update, but as I said I'm not a huge fan so I don't really care. However, today I came across a black SEO campaign that distributes fake antivirus programs through Google related to Modern Warfare 2 Stimulus package release time. As a matter of fact, I've found at least 16 sites that redirect users to malicious websites that distribute rogue anti-virus programs. Unfortunately, some of those site are in the first Google search results page for at least 6 hours and they are still there. I did a search with the follow keywords:
  • modern warfare 2 stimulus package release time
  • mw2 map pack release time
  • call of duty modern warfare 2 map pack
And here's how the Google SERP looked after my search:


As you can see, there are three compromised websites in the first Google search results page. Those sites are not malicious, they are compromised legitimate sites. Unfortunately, they redirect user to infected ones. Of course, there are more.
  • h**p://************lery.com/ozerd.php
  • h**p://***pros.com/oapxs.php
  • h**p://************udios.com/hyusj.php
  • h**p://**ywm.com/pbcel.php
  • h**p://***oad.com/kspkg.php
  • h**p://**la.info/svuyb.php
  • h**p://*******gely.com/khaiv.php
  • h**p://*********ossip.net/hbixg.php
  • h**p://**wr.net/wfror.php
  • h**p://*******n-25.com/pkeac.php
  • h**p://**********tware.com/lizsj.php
  • h**p://**********sing.com/gfrwf.php
  • h**p://****sce.pl/qzudf.php
  • h**p://***dpc.com/igueg.php
  • h**p://*****fnek.com/qqueq.php
  • h**p://*****rts.com/sleia.php
All these sites redirect mainly to two malicious websites:
  • h**p://*******ne54.**rg.pl
  • h**p://***********stem.**rg.pl


These two malicious websites display fake warnings and report false system security threats to make you think that your computer is infected with malware.











Once again, the bad guys use hot topics and black SEO campaigns to "push" malware. You should rely mostly on well known and trusted course of information. After all, if you doubt about it - don't click it. Good luck and be safe!

Share this information with other people:

No comments:

Post a Comment