Posted on 11/02/2010 9:46:52 AM PDT by tarawa
Just received this through Infragard:
For your situational awareness:
(U) Community Policing: "Fake AV pushers poison US election search results"
(U) "The US midterm elections are taking place today, and scareware pushers aren't sitting with their hands crossed - they have poisoned related search results. Search combinations such as "2010 midterm election", "midterm election results", "midterm election latest polls", "midterm election season" and "midterm election latest polls gallup" offer search results that take potential victims to a blank page. A blank page? That seems harmless - until you check out its source code and see that it contains the URL to a fake AV distribution site. Websense researchers believe that further redirection to this URL is not active yet because the scammers are waiting for the election process to start and people to search the Internet for results. The fake AV in question is the ubiquitous Security Tool that has lately been pushed with all possible tactics. The file that will try to get downloaded on the potential victim's computer is named inst.exe, and is currently detected by only 10 out of the 43 virus solutions employed by VirusTotal."
Source: http://www.net-security.org/secworld.php?id=10088
Classification: UNCLASSIFIED Caveats: NONE
Using which search engine. I searched on all those terms using Bing, Yahoo and Google. Didn't have any problems. Can you sight a reproducable example?
“inst.exe”
buy a Mac
you will sleep better
Very smart move on the malware maker’s fault. Browse with Firefox folks. “Ad Blocker Plus” and “NoScript” are your friends.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.