Ash Nallawalla's blog

Beware of MS Antispyware 2009

A few people are getting sucked into installing MS Antispyware 2009. They go to some site and get a popup offering to install this program. Think about it. Normal websites don’t offer antispyware programs through a popup.

What’s wrong with this program? It contains a virus and the victim actually consents to install it. Sean-Paul Correll has provided an excellent video and a write-up at the PandaLabs Blog about this menace.

What is different about this exploit is the use of hundreds of SEO pages targeting major brands such as Ford and Nissan – search for some specific model or a car part and you will find links (mostly in Poland – .pl) that include dangerous infections as reported by Norton Internet Security.

Targeted Blackhat SEO Attack against Ford Motor Co. from Panda Security on Vimeo.

The following Google search “ nissan” has a few normal results at the top of the page, but then you get dozens of weird subdomains such as (don’t go there):


All of them are marked noarchive, hence you won’t see a Cached link. Most of these are doorway pages to p0rn sites but some also include infectious content.

Ash Nallawalla

Search strategist experienced in large, complex websites. Ash's Google+ profile

Related Posts

Sherpa for Majestic Chrome Extension – Review

Ash Nallawalla

21 October 2017

SEO, SEO Tools

Feel free to share...FacebookTwitterGoogle+RedditStumbleUponLinkedinemailMost professional SEOs I know use for reliable backlink data. Majestic provides a lot of data about the links to a site, including data about the quality of those links. I have used it for many years, from the time it was known as Majestic SEO. I usually enter the URL […]

Read More

President Obama’s pages archived

Ash Nallawalla

22 January 2017

Other, SEO

Feel free to share...FacebookTwitterGoogle+RedditStumbleUponLinkedinemailAfter Mr Donald Trump became the president at noon today (USA EST), many reported that the website removed references to Climate Change and LGBT. That isn’t entirely accurate. The website up to that point has been archived and can be found at The LGBT URL was but it redirects […]

Read More

Older Posts