We’re seeing a large number of seeded search results that lead to malware sites.
These are using common, innocent terms — one researcher landed on a malware site through searching for alternate firmware for a router.
For example, this search for “netgear ProSafe DD-WRT” yields these results:
That site, luewusxrijke(dot)cn/769(dot)html, redirects to another site, which pushes a fake codec (malware) and attempts to exploit a vulnerable system:
This IFRAME leads to additional malware installs:
These malware distributors are using keywords to lure people into their sites (some example search terms here — PDF).
Some more examples, on innocent search terms.
Clicking on these links will expose the user to exploits which will infect a vulnerable system (in other words, a system that is not fully up-to-date with the latest patches).
Alex Eckelberry
(Thanks Adam Thomas)