Looks like they’re starting early with these scams, seeing as Easter isn’t until April 24th.
Patrick Jordan came across some dubious links while digging around for printable Easter Cards on .pl domains. These redirect links are lurking at the top of search results, and there seem to be quite a few URLs involved.
Click to Enlarge
Click to Enlarge
In the above examples, end-users would hit one of the “it’s a trap” landing pages, then be redirected to sites pushing the System Defender rogue.
Click to Enlarge
Cue Patrick:
“1. Site/url changes almost every 24 to 48 hours.
2. Can make only one run as it then rotates to ad site for 24 hours unless you change your IP.
3. Also, for the last two site/urls they are in the #1 position in the Google results”
If you accidentally hit one of these scam sites, don’t panic and DON’T open up any executable files presented in the middle of an entirely fake system scan. Just close the prompt, leave the site (shut down your browser with CTRL+ALT+DEL if you have to) and walk away – whistling optional.
Christopher Boyd (Thanks Patrick)