Malicious links detected on Microsoft Security Essentials searches

Websites serve up rogue AV.

Just a few days after Microsoft launched Security Essentials, cybercriminals are hitting search engine results with malicious links.

Websense Security Labs ThreatSeeker Network discovered that search engine results for information on how to download Microsoft's recently released Security Essentials tool are now returning links to websites that serve rogue anti-virus.

Visitors who click through to a compromised website are redirected to malicious websites with domain names such as computer-scanner21 and computervirusscanner31, but only when they arrive via a search engine referral.

If the user downloads the application, a file with a .tif extension is fetched, then decrypted/decompressed and split into TSC.exe and system.dat in the 'program files\TS' directory. The payload then executes 'tsc.exe -dltest', which apparently connects to a NASA website to check internet connectivity.

Finally, 'tsc.exe' is executed with no parameters, and the rogue anti-virus starts while the original file is deleted in the background.
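The drop-and-execute sequence above maps naturally onto an ordered detection chain. The Python below is an added illustration, not code from the article or from Websense; it runs over constructed Sysmon-style events (invented hosts and paths) and flags a host only when TSC.exe and system.dat land in the TS directory and tsc.exe is then run with -dltest before being run bare.

```python
from collections import defaultdict

# Constructed Sysmon-style events (illustration only, not data from the article).
# Each event has a host, a per-host sequence number, a type, and the file path
# or process image/command line it concerns.
EVENTS = [
    {"host": "ws01", "seq": 1, "type": "FileCreate", "path": r"C:\Users\bob\Downloads\scanner.tif"},
    {"host": "ws01", "seq": 2, "type": "FileCreate", "path": r"C:\Program Files\TS\TSC.exe"},
    {"host": "ws01", "seq": 3, "type": "FileCreate", "path": r"C:\Program Files\TS\system.dat"},
    {"host": "ws01", "seq": 4, "type": "ProcessCreate", "image": r"C:\Program Files\TS\tsc.exe", "cmdline": "tsc.exe -dltest"},
    {"host": "ws01", "seq": 5, "type": "ProcessCreate", "image": r"C:\Program Files\TS\tsc.exe", "cmdline": "tsc.exe"},
    # A lone tsc.exe launch with nothing dropped beforehand must not complete the chain.
    {"host": "ws02", "seq": 1, "type": "ProcessCreate", "image": r"C:\Program Files\TS\tsc.exe", "cmdline": "tsc.exe"},
]

DROP_DIR = "\\program files\\ts\\"  # directory named in the article, compared case-insensitively

def _file_dropped(e, name):
    """FileCreate of the given file name inside the TS drop directory."""
    path = e.get("path", "").lower()
    return e["type"] == "FileCreate" and DROP_DIR in path and path.endswith("\\" + name)

def _runs_tsc(e, with_dltest):
    """ProcessCreate of tsc.exe from the TS directory, with or without the -dltest switch."""
    if e["type"] != "ProcessCreate" or not e.get("image", "").lower().endswith("\\ts\\tsc.exe"):
        return False
    return ("-dltest" in e.get("cmdline", "").lower()) == with_dltest

# The chain in the order the article describes it.
STAGES = [
    ("tsc_dropped", lambda e: _file_dropped(e, "tsc.exe")),
    ("dat_dropped", lambda e: _file_dropped(e, "system.dat")),
    ("connectivity_check", lambda e: _runs_tsc(e, with_dltest=True)),
    ("rogue_av_started", lambda e: _runs_tsc(e, with_dltest=False)),
]

def correlate(events):
    """Walk each host's events in order and record which stages were hit, in sequence."""
    progress = defaultdict(list)
    for e in sorted(events, key=lambda e: (e["host"], e["seq"])):
        hit = progress[e["host"]]
        if len(hit) < len(STAGES) and STAGES[len(hit)][1](e):
            hit.append(STAGES[len(hit)][0])
    return dict(progress)

def alerts(events):
    """Hosts on which every stage of the chain was observed in order."""
    return sorted(h for h, hit in correlate(events).items() if len(hit) == len(STAGES))

if __name__ == "__main__":
    for host, hit in correlate(EVENTS).items():
        print(host, "->", hit)
    print("alert:", alerts(EVENTS))  # prints: alert: ['ws01']
```

Partial progress is kept per host, so a SOC can also triage hosts that reached only the drop stages without the payload run.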

The Websense ThreatSeeker Network has been monitoring search engine optimisation poisoning of search terms related to Microsoft Security Essentials. Websense believes the malware authors first ran a trial of the poisoning techniques before switching the redirects to deliver rogue applications.

Carl Leonard, threat research manager at Websense, said: "One of the rogue links is directly under an MSDN blog entry discussing Microsoft Security Essentials. The rogue redirects are hosted on a variety of legitimate websites which have been compromised, including that of the British Travel Health Association. When a user is referred to the site by a search engine, they are instead redirected to malicious websites."

Patrik Runald, security research manager at Websense, said he was not really surprised at how quickly this had appeared. Runald said: "It is the same with Google Wave; it is an action of keeping track of trending topics and using different keywords and manipulating search engine optimisation (SEO).

"The cybercriminals have different sites under their control and in the background they have a process that monitors Twitter and Google trending topics that allows their sites to climb up the search results. This is automated so there is not much for them to do to make it happen."

Asked how long it would be before malicious files named 'Microsoft Security Essentials' are detected, Runald said he was confident that a malicious version of it will appear.

"Cybercriminals do not use the Microsoft Security Essentials name for the download and haven't copied the name either because they are afraid of copying the name because they know that Microsoft will go after them," said Runald.

