NEWS FROM THE LAB - Tuesday, April 14, 2009

Twitter Worm Google Searches Leads to Malware

Posted by Patrik @ 20:47 GMT

It's no surprise at all that Google searches for information about the Twitter worm lead to malware sites; it was really just a matter of time, especially after all the talk about it over the weekend and the guy behind it even confessing everything. Unfortunately, malicious search results about popular news are something we see very often.

When searching for "Twitter worm" on Google, one of the top 10 hits looks like this:


Which leads to this site:


But you'll never see that, as you are immediately redirected to videxxxxxs.cn, which immediately redirects you to loyxxxxxxno.com, which tricks you into downloading a fake video codec from cxxxxxxxxaz.com. No exploits are used; it's just social engineering. At least for now.


And the fake codec is of course malware. In fact, it's a trojan downloader that downloads some additional malware, including a rogue security product called WinPC Defender which shows fake malware detections.
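
As an added example (not part of the original post), one way to spot this pattern in web proxy logs: a click from a search result that hops across several hosts and ends in an executable download. The record layout, field names and `.example` hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

SEARCH_HOSTS = {"www.google.com"}   # assumption: search engines seen as referers
EXE_TYPES = {"application/x-msdownload", "application/octet-stream"}
# Constructed proxy-log records; hosts are placeholders, not indicators from the post.
SAMPLE_LOG = [
    {"url": "http://landing.example/twitter-worm", "status": 302, "ctype": "text/html",
     "referer": "http://www.google.com/search?q=twitter+worm",
     "location": "http://hop1.example/in.cgi"},
    {"url": "http://hop1.example/in.cgi", "status": 302, "ctype": "text/html",
     "referer": "", "location": "http://hop2.example/watch"},
    {"url": "http://hop2.example/watch", "status": 200, "ctype": "text/html",
     "referer": "", "location": ""},
    {"url": "http://files.example/codec_setup.exe", "status": 200, "location": "",
     "ctype": "application/x-msdownload", "referer": "http://hop2.example/watch"},
    {"url": "http://news.example/twitter-worm-story", "status": 200, "ctype": "text/html",
     "referer": "http://www.google.com/search?q=twitter+worm", "location": ""},
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def next_hop(rec, log):
    """Follow a 3xx Location, else a request that names this URL as its referer."""
    target = rec["location"] if 300 <= rec["status"] < 400 else None
    for cand in log:
        if cand["url"] == target or (target is None and cand["referer"] == rec["url"]):
            return cand
    return None

def build_chain(start, log):
    chain, seen = [start], {start["url"]}
    while (nxt := next_hop(chain[-1], log)) and nxt["url"] not in seen:
        chain.append(nxt)
        seen.add(nxt["url"])
    return chain

def suspicious_chains(log, min_hosts=3):
    """Search click -> at least min_hosts distinct hosts -> executable download."""
    hits = []
    for rec in log:
        if host(rec["referer"]) not in SEARCH_HOSTS:
            continue
        chain = build_chain(rec, log)
        last = chain[-1]
        is_exe = last["ctype"] in EXE_TYPES or urlparse(last["url"]).path.lower().endswith(".exe")
        if is_exe and len({host(r["url"]) for r in chain}) >= min_hosts:
            hits.append([r["url"] for r in chain])
    return hits
```

Comparing hostnames rather than registered domains is a simplification; the ordinary news result in the sample log is not flagged because its chain never leaves one host.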


Like all rogue security products, it will tell you that you have malware on your PC and that you have to buy the product to remove it. This is more expensive than usual, though, as they want you to pay $69.99 (the usual rate seems to be $39.95).


So, unfortunately we're not surprised that this happened. As usual, get your news and information from sources you trust. Random Google searches can't be trusted.

Updated to add: Searching for "Mikeyy" also leads to malicious results.