FYI...
More Google searches resulting in rogue AV
- http://blog.trendmicro.com/more-goog...g-in-rogue-av/
Nov. 5, 2008 - "... 2 scenarios resulting (in) rogue AV downloads, also done through hijacking Google search results... In the first scenario, queries for the string refa+zeitaufnahmebogen [related to a German association for work design] on the German Google website (www .google.de) yield suspicious results... Using Wireshark, I’ve found that this was achieved through a redirection to yet another URL entirely... While the first scenario is more of a targeted attack, this next one proves to aim at a wider range of victims, and timely as well considering the US elections. Malicious results were also found generated from queries for the string absentee voting... And of course, this is another work of the FakeAV gang. Clicking the result triggers a series of redirections; however the payload, or the fake AV itself, is not there anymore. The downloaded file has the same name..."
(Screenshots available at the URL above.)