(Hat-tip to Calvin).
You know you’re a big deal when scammers use you in their SEO poisoning antics, and unfortunately Marvin Sapp (American Gospel singer / songwriter) is the latest victim of Fake Antivirus peddlers. His wife died a few days ago, and it didn’t take long before malicious websites were riding high in Google image search. From the very first page:
Click to Enlarge
The highlighted image above takes the end-user to conversestore(dot)net/blog/tmp/marvin-sapp(dot)html, which presents them with some random text, screenshots and a fake video:
Click to Enlarge
Also of note: the “Youtube” favicon, which tends to pop up on fake video sites. After a few seconds (and before the user can even touch the fake video), the site forwards the user on to safe-me-please60(dot)co(dot)cc and presents them with fake scans and executable download prompts:
Click to Enlarge
Running the executable will place a fake antivirus program on the PC – in this case, “My Security Shield”.
Click to Enlarge
Detections are low for this one at present, with 16/43 catching the rogue and our good selves snagging it as Trojan.Win32.Generic!BT. Be warned that there are other sites with dubious links and redirects floating in and out of Image search, although not all of them appear to be live. You might want to avoid searching for images related to this particular story for the time being and stick to reading about it instead…
Christopher Boyd