Google Video Searches Being Poisoned
The Yahoo! open search redirection threat we blogged about just days ago may be from a totally different cybercriminal gang, but this new blackhat SEO poisoning makes clear that online search tools are quickly becoming favorite platforms for online criminals in their operations.
Search traffic on Google Video was found to be polluted: instead of legitimate videos, researchers found some 400,000 queries returning video results that share a single redirection point, one that eventually leads to malware download and execution.
Trend Micro detects the malicious executable as WORM_AQPLAY.A. The worm's file name, FlashPlayer.v3.181.exe, already hints at the social engineering strategy: it masquerades as an Adobe Flash installer, which users who visit certain spoofed versions of video streaming websites are prompted to download and install. The worm spreads via removable and network drives when autorun is enabled.