IT security and control firm Sophos is warning that hackers are
exploiting a problem with McAfee's anti-virus product that has
caused hundreds of thousands of computers around the world to
repeatedly reboot themselves, effectively becoming inoperable.

McAfee accidentally issued a detection update yesterday which
mistakenly detected a harmless Windows file, svchost.exe, as
"W32/Wecorl.a", and caused critical problems on affected PCs.

Hackers, however, are compounding the problem by using
blackhat SEO (search engine optimisation) techniques to create
webpages stuffed with content which appears to be related to
McAfee's false alarm problem - but are really designed to infect

Sophos has identified malicious webpages which appear on the first
page of Google results if users search for phrases associated with
McAfee's false positive.

"It's bad enough if many of the computers in your company are
out of action because of a faulty security update, but it's even
worse if you infect your network by Googling for a fix," explained
Cluley, senior technology consultant for Sophos. "These
poisoned pages are appearing on the very first page of search
engine results, making it likely that many will click on them. If
you visit the links you may see pop-up warnings telling you about
security issues with your computer. The warnings are fake and
designed to trick you into downloading dangerous software, which
could result in hackers gaining control of your corporate computers
or the theft of your credit card details."

In the past, hackers have used the same techniques to infect
users hunting for information about Sandra Bullock's marriage
problems, Tiger Woods' car crash, and the death of celebrities such
as Michael Jackson and Natasha Richardson.

"SEO poisoning is one of the fastest-growing areas of cybercrime
today," explained Cluley. "The hackers know that users turn to
search engines when they are looking for the latest news on a
breaking story, and are lying in wait to infect the unwary."

Sophos recommends that businesses protect their users by running
a web security solution which scans every webpage and link clicked
upon for malware and criminal activity.