iPad SEO Poisoning Leads To Rogue Security Software
Yesterday we saw SEO poisoning attacks when searching for keywords such as "Apple Tablet". Now, after the product announcement has been made, we are seeing the same attack with the actual name of the product included in the search term.
Using search terms like "Apple Ipad rumor" or "Apple Ipad size" are likely to produce results from sites like youcanbesureforsafe.net, antyspywarescanblog.com, or mastersmegasecurity.net, ultimately compromising your computer with rogue security software.
No worries for Symantec product users. Our HTTP FakeAV Redirect Request IPS signature will detect the attack. Our Trojan.FakeAV!gen13 heuristic detection will also catch the rogue security software that's eventually downloaded on to the computer. For network administrators, you can add the two rogue security software domains mentioned above to a blacklist, as well as xtijzl.xorg.pl and the IP address 184.108.40.206, both of which are used in the attacks.