Select Page

We’re seeing a large amount of seeded search results which lead to malware sites.

These are using common, innocent terms — one researcher landed on a malware site through searching for alternate firmware for a router.

For example, this search for “netgear ProSafe DD-WRT” yields these results:


That site, luewusxrijke(dot)cn/769(dot)html, redirects to another site which pushes a fake codec (malware) and attempts to exploit vulnerable system:


This IFRAME leads to additional malware installs:

These malware distributors are using keywords to lure people into their sites (some example search terms here — PDF).

Some more examples, on innocent search terms.




Clicking on these links will expose the user to exploits which will infect a vulnerable system (in other words, a system that is not fully up-to-date with the latest patches).

Alex Eckelberry
(Thanks Adam Thomas)