More Trick than Treat

The most stressful thing about Halloween has always been deciding on a costume. Second place: making sure to have enough candy around for trick-or-treaters who may come a-knocking. All pretty straightforward stuff, right? This time around, though, it looks like the folks behind various rogue security software packages are using Halloween-related search engine poisoning techniques to hoist their fake scanners and other malware onto the computers of unsuspecting users.
While searching for a Halloween costume, one of my Security Response colleagues found a number of pages that – following the usual chain of JavaScript redirects – employ various techniques to coerce the user into installing one of several rogue security applications. Poisoned search terms discovered by us include ‘Halloween costumes’, ‘Best Halloween recipes’ and ‘Halloween theme music’, and it’s likely that there are many more where those came from.
The search engine listings appear as follows:
 
Note the obviously machine-generated text, the ‘blog’ text in the URL and the numeric file name given to the document. A significant number of the hosts seem to be blog sites that have been hacked, and it appears that some degree of automation is present here. Clicking though the poisoned results leads to the following page:

 
The page contains:

 
(Notice the Halloween-related parameters being passed (continue reading...)