The story began on March 18, when an Apple employee named Gray Powell forgot a strange-looking iPhone at a bar. Long story short, technology Web site / blog Gizmodo later acquired it from the man who had found it. After analyzing it thoroughly, Jason Chen of Gizmodo revealed on Monday all the details he could find about the device, which appears to be a prototype for the yet-to-be-announced iPhone 4G, expected to be released early this summer.
Needless to say, the news has gathered much attention from the media, with the article drawing as many as 7 million visitors in less than 48 hours, which, in comparison, is more than Twitter's average. And of course, a hot topic makes for a high number of Google searches for words related to it. This situation can be a gold mine for malware distributors.
As has been the case with other recent high-profile news such as the Haiti earthquake, links to infested Web pages have been able to take over Google's top search results for these subjects, with unsuspecting users ending up clicking on them and getting their computers infected. According to Bogdan Calin of Acunetix, when searching for the name "Gray Powell", "4 out of 10 results from Google’s first page were links to malware." Fortunately, it appears that either these pages have fallen down the rankings or Google has taken them off its database, since none of the links shown on the screenshot in Calin's article are present on the first page of results anymore.
Calin downloaded and tested the malware present on the malicious pages. It is apparently scareware / rogue antivirus: upon clicking on the infected link, the target user is shown a dialog box (wrongly) advising him that his computer might be in danger. A fake antivirus scan then starts and the user is asked to download and/or buy (bogus) antivirus software that will get rid of the so-called infection.
When scanned on Virustotal.com, the malware was only detected by 10 out of 40 popular antivirus software products. This is of course problematic because, given the high popularity of the iPhone 4G story and of Gray Powell (the name was 13th on Google's Hot Trends list when Calin wrote his article), it is highly likely that a large number of users got infected.
Needless to say, the general advice is to look carefully at the title, description and URL of a Google search result before clicking on the link. If it looks suspicious, it may be a good idea to pass on it and try another one. As Calin indicates in his article, "lately, Search Engine Optimization is being widely used for distributing malware." Not only are malware authors being increasingly creative, we can clearly see that the means of distribution are also getting more and more sophisticated.