July 13, 2009

More Blackhat SEO, Pelosi is Target

The blackhats continue to push their rogue security programs via Search Engine Optimization techniques. This time I ran across a site using US Congress House Speaker Nancy Pelosi's name. It appears to be all sorts of headlines and keywords such as:





pelosi says surge did not work

And there's also some not so flattering phrases:



pelosi insane
pelosi is an idiot
pelosi is a communist

Some well worded SEO there bound to attract search engine hits.

The site contains some Javascript code in it (well not anymore but it was there) which after traveling through a couple redirect sites ultimately takes the visitor to some rogue security software sites. One of which uses drive-by fake scanning tactics. The redirect sites contain quite sophisticated Javascript code to hide their purpose. They also appear to redirect you based on where you came from.

The two rogue websites by the way are:

  • protectionbenefits.cn (83.133.123.113 Germany)
  • securedvirusscan.com (94.102.48.29 Netherlands)
This is in no way "new news" as reported by me earlier this year Ford was a target of these fraudsters and Panda Security has numerous siteings. This surely will continue for as long as they have the ability to operate the sites.
:(

No comments: