Midterm Election Buzz Fuels Rogue AV Attacks

Interest in the U.S. midterm elections is being used to lure Web surfers to malicious Web pages that are pushing rogue antivirus programs, according to security firm Websense.

With voter interest running high in the U.S., Web searches for hot terms like “midterm election polls,” “2010 midterm election” and “midterm election results” end up driving curious voters to malicious Web sites that push fake antivirus programs that can quickly take over users’ Windows PCs, Websense reported in a post on its Security Labs Blog.

 

Searches by Threatpost.com confirmed that many of these terms are being used in attacks that rely on search engine optimization. Web filtering services offered by search engines like Google have identified some of the malicious links, though others that appear suspicious have no warning.

The malware pushed from the sites, with the executable name inst.exe, was detected by only 23% of the antivirus engines, according to data from VirusTotal, and is variously identified as the Trojans Kazy and Kryptik, as well as generic FakeAV.

Search engine optimization for the purposes of pushing malicious code has been elevated to an art form in recent years, as scam artists and organized cybercriminal groups look for ways to lure users to Web sites pushing malicious wares or offering phony products and services.

Websense advised users to be extra careful when clicking on links related to hot and trending topics and events, including election-related topics.
