Google’s search rankings are being stuffed with links to fake security software that purports to remove Conficker, a widespread worm that’s currently the Internet’s number one security threat, but doesn’t.
Certain search terms will bring up a host of Web pages that could either infect a PC with malicious software or try to sell a dodgy security program, said Rik Ferguson, senior security advisor for the vendor Trend Micro.
Ferguson said he’s noticed an uptick in these kinds of sites over the last day or so as other legitimate software tools have been released that can detect Conficker, which has infected between 3 million and 10 million PCs worldwide.
For example, a search for “Nmap Conficker” will bring up malicious results, Ferguson said. Nmap is an open-source networking tool that has been upgraded to detect Conficker infections. Ferguson said he was surprised at how quickly the scammers began manipulating Google with those search terms, as Nmap was just recently upgraded.
Scammers game Google’s search engine by creating Web sites full of search terms, Ferguson said. Another tactic is spamming high-traffic Web sites that lead back to their malicious site in order to drive their Web site up the search ranks.
Google has been battling those who try to manipulate its search engine, but the scammers sometimes win out for a while. Ferguson, who posted screen shots of searches he did late Monday night, said he has contacted Google about his findings.
The fake security software Web sites will ask a user to download a file that scans a machine for malware. The software usually tells the user the PC has malicious software even if it isn’t infected, Ferguson said. The software will then badger the user to buy the questionable security program.
“Once you’ve downloaded it, it’s extremely difficult to get that stuff off your machine,” Ferguson said.