Posted by Virus Bulletin on Mar 5, 2010
Harmless documents replaced by web pages containing malicious code.
Researchers at F-Secure have discovered a new SEO poisoning trick in which attackers put harmless PDFs on a website to raise the site's profile in web searches but, after the site has been indexed by search engines, replace the PDFs with web pages containing malicious Flash code.
SEO poisoning is a popular trick among malware authors in which they try to get their malicious sites ranked at or near the top of search engine results, often on searches for key hot topics. In this case, surfers searching for ice hockey players were led to URLs containing apparently harmless PDF documents.
After some time had passed, the crooks replaced the innocent PDFs with web pages containing malicious Flash code which, if executed, would install rogue anti-virus software on the user's computer.
Google and other search engines work hard to keep their results clean and accurate but those with bad intentions are always a step ahead; VB advises users always to exercise caution when visiting links in search results.