Cybercriminals Ride on the Back of Security Woes with FAKEAV

We regularly blog about how cybercriminals misuse newsworthy events in order to gain profit for themselves. In the past 24 hours, TrendLabsSM has tracked multiple FAKEAV attacks that try and trick users searching for help following the recent McAfee update 5958 incident.  This determination by cybercriminals to cause further problems and inconvenience to innocent end users and businesses is, in many respects, not surprising.
We at Trend Micro are keen to help users identify these FAKEAV scams before they can be affected.
In a recent post on how blackhat SEO leads to FAKEAV, “Doorway Pages and Other FAKEAV Stealth Tactics,” advanced threats researcher Norman Ingal described important telltale signs of malicious search results, specifically that their URLs follow this pattern:

This can help users spot malicious results. Ingal further adds that the title of the page (the text that appears in bold heading style in search results lists) is generally the same as the keywords used. The same pattern has appeared time and again in our investigations related to blackhat SEO attacks.
Only this week, the search results to the following keywords were also found to carry redirections leading to rogue antivirus software:

who got voted off american idol april 21
dancing with the stars elimination april 2010
goldman sachs sec filings
boston marathon results
april 20th weed day

The following is a demonstration of what our engineers found when they began (continue reading...)