Cyber crooks are now taking advantage of the infamous Stuxnet worm as a way to deploy malicious code.
Trend Micro researcher Ivan Macalintal has discovered poisoned search results leveraging this notorious malware threat. Among the search strings used in this blackhat SEO campaign were “stuxnet SCADA,” “stuxnet removal tool,” “stuxnet cleanup,” “stuxnet siemens” and “stuxnet worm.”
Some of these poisoned search words and phrases came up as top results. One of the malicious URLs leads users to sites that exploit vulnerabilities. Additionally, in some of the search results, users are redirected to sites with PDF and SWF exploits.
“In effect, it leads to various payloads which include a downloader that installs other malicious codes on the system, and a FAKEAV variant detected as TROJ_FAKEAV.SMZU,” Bernadette Irinco writes on the Trend Micro Malware Blog. “FAKEAV variants are known for banking on popular searches and news events to lead users into buying rogue antivirus software.”
In another example, a malicious URL disguises itself as a bogus YouTube page that points users to malware. Trend Micro has detected it as TROJ_CODECPAY.AY.