Several leading security firms, including CyberDefender, Blue Coat, Panda Software and BitDefender, warned attackers were targeting users searching online for Halloween-related topics.
Attackers are targeting people searching for last-minute
ideas on Halloween costumes, said CyberDefender on Oct. 29.
The Internet security vendor joined several other
security firms, including Blue Coat and BitDefender, to warn users searching
online for Halloween-related topics.
"Popular search terms have always been a target for
cyber-criminals," said Achal Khetarpal, director of CyberDefender Research Labs.
CyberDefender identified a fake anti-virus Trojan
downloader infecting pages that come up when searching for Halloween costumes.
When users land on these infected pages, the fake anti-virus installer hijacks
the user's Web browser and initiates a malicious process, CyberDefender said.
The infected PC becomes sluggish and slow-performing while exposing personal
, according to the company.
One form, identified by Panda Labs, displays a fake video
and asks the user to download a codec in order to play the video.
Popular search terms reflect what users are interested in
at that time, making it a lucrative target. Criminals often create pages that
are highly search engine optimized, with keywords reflecting currently popular
search terms, said Khetarpal.
, hackers create these pages that Google and other search engines pick
up thinking they are legitimate, and return them when users type in the search
terms, said CyberDefender.
According to Panda Labs, searching for Halloween costumes,
Halloween decorations, Halloween ideas, Adult Halloween costumes, and Free
pumpkin pattern, can return search results with malicious links
Blue Coat said clicking on the infected link lands users on
a page hosted within a hacked blog, which then redirects users to a malware
distribution site. Users are presented with a download for an executable file
with a name that was constructed based on the original search term, said Blue
Coat. For example, users typing "Regis and Kelly Halloween show" in the search
engine will see a filename like "regis-and-kelly-halloween-show-2009-to-play-40064,"
or "office appropriate Halloween costumes" returning "office-appropriate-halloween-costumes-to-play-40064,"
said Blue Coat.
According to the screenshot of malicious search results
posted on the Panda Labs blog, the listed URL looks legitimate, with phrases
like "halloween-costumes" embedded in the URL, and the page name also looks
relevant, such as "Viking Halloween costume." The description is a giveaway,
since it seems to not have anything to do with the page.
According to BitDefender, "If you're planning to find
templates for Halloween invitations, or if you're trying to find a print shop
for what you already have, then you should keep an eye on what search results
you're about to click."
Khetarpal advised users to manually type the Web site URL,
instead of just clicking on links displayed on the Google search results page.
For example, if the search results page show a Halloween costume at Target,
users should type target.com in the address bar and search within the store's
Web site instead of clicking on the link directly. This way, users won't be
re-directed to an infected site, Khetarpal said.
"Users should only click trusted links or type in
the site address they want into the search bar," he said.
Spammers and hackers often take advantage of current
events, popular trends, and holidays like Halloween
to target users. For example, there tends to be surge
in the volume of spam with Super Bowl-related subject lines. According to
Khetarpal, holidays and celebrities are "hot topics" and "prime targets" for
Khetarpal and other security experts advised users to verify they have a
security software suite installed on the computer before going online, let
alone searching for something. The suite should be updated to its most recent
version, and the operating system should be patched
with the latest updates, they said.