Somebody once said..

"If you convince people that the wheel isn't right, they will allow you to re-invent it"

Tuesday, February 16, 2010

Olympics 2010 news ending up with Malware

Recently I covered how malware authors use Blackhat SEO poisoning to distribute malware on unsuspecting victims. Since then, I have been closely monitoring the news trends and this time the bad guys are targeting is searches related to Vancouver Olympic games 2010.

Tragedy struck at the Olympic games Luge (ice racing) event, when a 21 year old athlete Nodar Kumaritashvili died during a practice session on Friday. Apparently a video of live footage spread across YouTube and other news channels like wild fire.

The IOC moved quickly to take the Luge crash videos off the Internet thus increasing the popularity of this search even further as those not glued to early coverage were desperate to get news on the Luge crash. The bad guys were quick enough to capitalize on this and started poisoning the search results with a lot of “bad” links.

Normally I find just a couple of links poisoned on the first page but this is the first time I saw more than 6 to 7 bad links on the first page of the Google search result itself !

LugeCrash_Search

Once you click on the poisoned link, you are presented with a YouTube like video loading screen which then displays a “ActiveX object missing” error.

LugeCrash_ActiveX

If you click on any of the buttons above a downloader Trojan gets installed on your PC which further downloads more malware. Unlike last time where it appeared that the machine was being scanned by AV, here its “missing video object” that is used to convince a unsuspecting victim to download the malware.

I am not sure why Google is not removing the bad links from their searches as they did last time when valentine day searches were getting poisoned results. This just shows that the bad guys are getting better with every new tragedy that is happening out there.

I would advise caution for all the readers who are trying to search for latest news videos out there. Do not click or install anything that claims to be a missing video codec or object.

99.9% of websites require only Adobe Flash player to be installed in order to play streaming videos. If you find a website that is not playing a video, just find another link that works with Flash ! And incase Flash is not installed, go and install it from adobe’s website rather than from the site which is hosting the video.

No comments:

Post a Comment