We have discussed SEO poisoning extensively in the ESET Threat Blog, and it should come as no surprise to our readers that any topic which trends up quickly in search engine traffic will be exploited by the criminals who specialize in such activities.  The poisoned search term du jour is "erin andrews death threat".  Apparently, Ms. Andrews is a newscaster for cable sports television channel ESPN and reality TV show contestant who rose to notoriety last year when she was videotaped by a peeping tom, resulting in a cascade of both Microsoft Windows and Mac OS X malware (OSX/Jahlav) passed off as the video.  More recently, she has received death threats via e-mail, causing an upsurge in search results.

While we have not seen any malicious code being distributed yet—and the single report we did receive of a malicious site turned out to be a false positive generated by a search engine—we did observe that link farms were populating the aforementioned terms in order to receive higher ranking in search engine results, and it is likely only a matter of time before malware distribution begins in earnest.

So… what can end-users do to protect themselves?  There is nothing special about this spamvertised campaign and the standard techniques that protect you from other web-borne threats apply equally here:

  • Keep your operating system, web browser and applications patched, as having up-to-date software reduces your computer’s vulnerability—its so-called "attack surface."
  • If you are running Microsoft Windows, log in as a standard user instead of as an administrator.  When you are logged in with the privileges of an administrator, any action you perform, or, by extension, any action performed by software you are running, has the same rights as a system administrator.  By logging in as an unprivileged user, you reduce the risk of a vulnerability being successfully exploited.
  • Consider using a different, less well-known web browser.  While a web browser’s market share, small or large, is not an indicator of its security, malware authors and distributors target the most widely-used web browsers first, since that allows them to infect a larger number of computers.
  • Consider disabling scripting languages such as JavaScript in your web browser, only allowing scripts to run from sites you trust. Some PDF readers support JavaScript, too.  Check with the author of your PDF reader for instructions on how to disable this functionality.
  • If you typically get your news through a search engine, consider switching to a dedicated news source, such as the web site for a favorite television news show, newspaper or magazine.  While news web sites are targeted just like any other web site, going to one of them instead of a random site which shows up at the top of your search query helps ensure you don’t visit a web site created specifically to spread malware.
  • Use reliable anti-malware software on your computer.  If you use a portable computer, or your computer connects directly to the Internet, consider a software-based firewall as well.

For more information about safe searching and protecting your computer, visit ESET's Security Tips page.  Also, be sure to visit the Securing Our eCity website, a public and private partnership aimed at protecting the public from cybercrime through user education.

Regards,

Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher