Tuesday, September 22, 2009

Another Shameless SEO based on Atlanta Flooding

Users Googling "Atlanta flood pictures" receive yet another SEO attack, using a possibly compromised legitimate Australian website hosting restaurants in the famous Bondi area.

Here's a screenshot of a Google search result:

A Fiddler capture shows us the redirections:

So we go from

An installer named Soft_207.exe will be presented for download, which is a variant of the Total Security family of Fake AVs.

At the moment, the following domains have been observed in this attack:


These domains resolve to the following IP addresses:

But knowing the trend in scareware, there could be heaps more domains being created as we speak.
