Scareware Campaign Using Google Sponsored Links

November 18, 2009

A scareware campaign is currently using Google sponsored ads, and by hijacking a decent number of well positioned keywords, is attempting to trick visitors into installing scareware featuring several new templates. This is, of course, not the first and definitely not the last time scareware campaigners are using highly targeted legitimate networks in order to reach potential audience by making an investment into the traffic acquisition practice.

However, compared to the "long tail centered" blackhat SEO, the use of legitimate ad networks would never reach a positive ROI, like the one achieved by dynamic syndication of legitimate content and monetizing it through scareware.

Scareware domains seen in circulation: 
adwarealert .com - 75.125.200.226
adware-pro-2009 .com - 209.216.193.113
adwareprosite .com - 188.121.46.1 - Email: pedrocanas75@gmail.com 
adwarepro-site .com - 209.216.193.101 - Email: pedrocanas75@gmail.com 
antimalwarenow .com - 173.201.0.128
anti-malware-pro .org - 209.216.193.103 - Email: pedrocanas75@gmail.com

antimalware-software .com - 209.216.193.11
antimalware-software .org - 209.216.193.106 - Email: pedrocanas75@gmail.com
get-spyware-destroyer .com - 63.243.188.37 - Email: admin@upclick.com
macrovirus .com - 75.125.152.58
malwareprofessional .com - 74.205.8.6


theantimalware .com - 173.201.0.12
adware-pro-live .com - 209.216.193.9
antivirus-live-pro .com - 209.216.193.9
antivirus-live-pro .org
antivirus-live-software .com
antivirus-pro-live .com
antiviruspro-live .com

Sample detection rates: anti-malware-application.exe; malware_professional.exe; macro_virus.exe; antimalware_pro.exe; spyware_destroyer.exe; AdwarePro_Setup.exe; AdwarePro_Setup06.exe; AdwarePro_Setup2305.exe.

Consider going through the The Ultimate Guide to Scareware Protection detailing alternative traffic acquisition approaches used by scareware campaigners, as well as the related posts dissecting recent blackhat SEO campaigns.

Related posts:
Massive Scareware Serving Blackhat SEO, the Koobface Gang Style
Dissecting the Ongoing U.S Federal Forms Themed Blackhat SEO Campaign
U.S Federal Forms Blackhat SEO Themed Scareware Campaign Expanding
Blackhat SEO Campaign Hijacks U.S Federal Form Keywords, Serves Scareware
A Peek Inside the Managed Blackhat SEO Ecosystem 
Dissecting a Swine Flu Black SEO Campaign
Massive Blackhat SEO Campaign Serving Scareware
From Ukrainian Blackhat SEO Gang With Love
From Ukrainian Blackhat SEO Gang With Love - Part Two
From Ukraine with Scareware Serving Tweets, Bogus LinkedIn/Scribd Accounts, and Blackhat SEO Farms
Fake Web Hosting Provider - Front-end to Scareware Blackhat SEO Campaign at Blogspot

This post has been reproduced from Dancho Danchev's blog.

About the author

Dancho Danchev is the world's leading expert in the field of cybercrime fighting and threat intelligence gathering having actively pioneered his own methodlogy for processing threat intelligence leading to a successful set of hundreas of high-quality anaysis and research articles published at the industry's leading threat intelligence blog - ZDNet's Zero Day, Dancho Danchev's Mind Streams of Information Security Knowledge and Webroot's Threat Blog with his research featured in Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld, H+Magazine currently producing threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge. With his research featured at RSA Europe, CyberCamp, InfoSec, GCHQ and Interpol the researcher continues to actively produce threat intelligence at the industry's leading threat intelligence blog - Dancho Danchev's - Mind Streams of Information Security Knowledge publishing a diverse set of hundreds of high-quality research analysis detailing the malicious and fraudulent activities at nation-state and malicious actors across the globe.