Beware of MS Antispyware 2009

A few people are getting sucked into installing MS Antispyware 2009. They go to some site and get a popup offering to install this program. Think about it. Normal websites don’t offer antispyware programs through a popup.

What’s wrong with this program? It contains a virus and the victim actually consents to install it. Sean-Paul Correll has provided an excellent video and a write-up at the PandaLabs Blog about this menace.

What is different about this exploit is the use of hundreds of SEO pages targeting major brands such as Ford and Nissan – search for some specific model or a car part and you will find links (mostly in Poland – .pl) that include dangerous infections as reported by Norton Internet Security.


Targeted Blackhat SEO Attack against Ford Motor Co. from Panda Security on Vimeo.

The following Google search “site:.pl nissan” has a few normal results at the top of the page, but then you get dozens of weird subdomains such as (don’t go there):

  • 347.aw.lubomogo.az.pl
  • 666.oo.mrfehz.wroclaw.pl
  • 872.zw.owncav.warszawa.pl

All of them are marked noarchive, hence you won’t see a Cached link. Most of these are doorway pages to p0rn sites but some also include infectious content.

Ash Nallawalla

Search strategist experienced in large, complex websites. Ash's Google+ profile

Related Posts

SEO Implications of Google Ads’ New Exact Match

Ash Nallawalla

4 December 2018

PPC, SEO

Feel free to share...FacebookTwitterGoogle+RedditStumbleUponLinkedinemailBrad Geddes has published an excellent post entitled “Exact match is no longer exact match – are you managing the changes correctly?” Although it is about PPC, can SEOs learn from it? It is a timely reminder for those of us in SEO and content writing to be aware of Search Intent versus Keyword […]

Read More

Subdomains treated like subdirectories?

Ash Nallawalla

27 May 2018

SEO

Feel free to share...FacebookTwitterGoogle+RedditStumbleUponLinkedinemailI saw a Facebook reference to an article on SEJ that “Google treats subdomains and subdirectories the same“. It caught my eye because of something  I experienced recently. Feel free to share...FacebookTwitterGoogle+RedditStumbleUponLinkedinemail

Read More

Older Posts