A few people are getting sucked into installing MS Antispyware 2009. They go to some site and get a popup offering to install this program. Think about it. Normal websites don’t offer antispyware programs through a popup.
What’s wrong with this program? It contains a virus and the victim actually consents to install it. Sean-Paul Correll has provided an excellent video and a write-up at the PandaLabs Blog about this menace.
What is different about this exploit is the use of hundreds of SEO pages targeting major brands such as Ford and Nissan. Search for a specific model or a car part and you will find links (mostly on Polish .pl domains) to pages that Norton Internet Security reports as carrying dangerous infections.
Targeted Blackhat SEO Attack against Ford Motor Co. from Panda Security on Vimeo.
The Google search “site:.pl nissan” returns a few normal results at the top of the page, but then you get dozens of weird subdomains such as (don’t go there):
- 347.aw.lubomogo.az.pl
- 666.oo.mrfehz.wroclaw.pl
- 872.zw.owncav.warszawa.pl
All of them are marked noarchive, hence you won’t see a Cached link. Most of these are doorway pages to p0rn sites but some also include infectious content.
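
For anyone triaging proxy or crawler logs, the two traits described above (the odd subdomain shape and the noarchive directive) can be checked together. This is an added example, not code from PandaLabs or the original post; the hostname pattern is an assumption generalized from only the three hostnames listed, and the HTML samples are constructed.

```python
import re
from html.parser import HTMLParser

# Heuristic built from the three hostnames quoted in the post (an assumption,
# not a published signature): digits . two letters . random letters . <name>.pl
DOORWAY_HOST = re.compile(r"^\d{1,4}\.[a-z]{2}\.[a-z]{5,10}\.[a-z0-9-]+\.pl$")

class RobotsMeta(HTMLParser):
    """Collects directives from <meta name="robots" or "googlebot">."""
    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("name", "").strip().lower() in ("robots", "googlebot"):
            for d in a.get("content", "").split(","):
                self.directives.add(d.strip().lower())

def has_noarchive(html):
    parser = RobotsMeta()
    parser.feed(html)
    return "noarchive" in parser.directives

def doorway_signals(host, html):
    """Return the list of doorway traits found; both together warrant review."""
    signals = []
    if DOORWAY_HOST.match(host.strip().lower().rstrip(".")):
        signals.append("hostname-shape")
    if has_noarchive(html):
        signals.append("noarchive")
    return signals

# Constructed sample pages (not captured from the real sites).
DOORWAY_HTML = '<html><head><META NAME="Robots" CONTENT="index, NoArchive"></head></html>'
NORMAL_HTML = '<html><head><meta name="robots" content="index,follow"></head></html>'

if __name__ == "__main__":
    for host, html in [("666.oo.mrfehz.wroclaw.pl", DOORWAY_HTML),
                       ("www.example.pl", NORMAL_HTML)]:
        print(host, doorway_signals(host, html))
```

Plenty of legitimate sites set noarchive, so treat it as a supporting signal and only escalate when it appears together with the hostname shape.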