Security Response

iPad SEO Poisoning Leads To Rogue Security Software

Created: 28 Jan 2010 11:19:45 GMT • Updated: 23 Jan 2014 18:29:58 GMT
Joji Hamada

Yesterday we saw SEO poisoning attacks when searching for keywords such as "Apple Tablet". Now, after the product announcement has been made, we are seeing the same attack with the actual name of the product included in the search term.

Search terms like "Apple Ipad rumor" or "Apple Ipad size" are likely to produce results from sites like youcanbesureforsafe.net, antyspywarescanblog.com, or mastersmegasecurity.net, which ultimately compromise your computer with rogue security software.


No worries for Symantec product users. Our HTTP FakeAV Redirect Request IPS signature will detect the attack. Our Trojan.FakeAV!gen13 heuristic detection will also catch the rogue security software that's eventually downloaded onto the computer. Network administrators can add the two rogue security software domains mentioned above to a blacklist, as well as xtijzl.xorg.pl and the IP address 93.158.114.163, both of which are used in the attacks.
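
The same indicators can be checked retroactively against web proxy logs to find clients that already reached these hosts. The following is an added example, not Symantec's code: the log format, client addresses and URL paths are constructed, and the function names are hypothetical. It matches on the parsed host (exact or subdomain) so that a search query or a lookalike name containing one of the domains is not flagged.

```python
from urllib.parse import urlsplit

# Indicators named in the post above.
BLOCKED_DOMAINS = {
    "youcanbesureforsafe.net",
    "antyspywarescanblog.com",
    "mastersmegasecurity.net",
    "xtijzl.xorg.pl",
}
BLOCKED_IPS = {"93.158.114.163"}


def host_of(url):
    """Return the lowercased host of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")


def is_blocked(url):
    host = host_of(url)
    if host in BLOCKED_IPS:
        return True
    # Match the domain itself or any subdomain, never a mere substring.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


# Constructed proxy log lines: "<client> <method> <url>"
SAMPLE_LOG = """\
10.0.0.5 GET http://youcanbesureforsafe.net/scan.php
10.0.0.7 GET http://www.google.com/search?q=antyspywarescanblog.com
10.0.0.8 GET http://XTIJZL.xorg.pl:80/in.cgi
10.0.0.9 GET http://93.158.114.163/download
10.0.0.9 GET http://xorg.pl/
10.0.0.4 GET http://notmastersmegasecurity.net/
10.0.0.6 GET http://cdn.mastersmegasecurity.net./a.js
"""


def flag_clients(log_text):
    """Return (client, host) pairs for requests to a blocked host."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and is_blocked(parts[2]):
            hits.append((parts[0], host_of(parts[2])))
    return hits


if __name__ == "__main__":
    for client, host in flag_clients(SAMPLE_LOG):
        print(client, host)
```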