Ukrainian Attackers Use SEO, Fed Forms To Push Scareware To U.S. Users

Hackers "hijack" keywords to U.S. federal forms, placing malware at top of search results

Ukrainian hackers are using a unique combination of search engine optimization and U.S. federal government forms to promote fake antivirus software to U.S. users, a researcher said yesterday.

In his blog, independent consultant Dancho Danchev says the Ukrainian campaign is actively hijacking a variety of U.S. federal forms keywords in an attempt to serve the Personal Antivirus (Trojan.Win32.FakeXPA) scareware.

The attackers have figured out a method to bypass Google's Safebrowser blacklist and deploy sophisticated page rank-boosting tools to elevate their malicious pages to the top of the Google search results for a given federal forms keyword, Danchev says.

When users click on these search results, they get a "scareware" message that says their computers are infected and that they should load the fake antivirus software to fix the problem. If they do, they become infected by a Trojan that is capable of stealing control of their machines.

Danchev says steps are being taken to "disrupt" the attacks.


Tim Wilson is Editor in Chief and co-founder of Dark Reading, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
