Alert reader Marco tipped us off about this one: a web site loaded with 10 landing pages used to poison search results for the Chile mine rescue story. The real agenda was to scam you into installing a rogue security product. Any of the links will redirect your browser to a download site in the familiar co.cc domain.
(Click on graphic to enlarge)
These are the URLs. Notice the variations on the theme of “Chile”, “mine” and “rescue.”
(Click on graphic to enlarge)
Clicking on any of the above results in a Firefox browser gets you this:
(Click on graphic to enlarge)
It’s the “update-your-Firefox-browser” scam, although the page didn’t wait for you to click any buttons, it started itself.
That’s detected as VirTool.Win32.Obfuscator.hg!b1 (v) which is commonly used to download other malcode (like maybe a rogue — see below).
As a side note, we were running the latest version of Firefox, just released today: version 3.6.11:
And for Internet Explorer users
There was no sign of the glitch we blogged about earlier this week, when IE users were told their Firefox browser needed to be updated.
But, without AV protection, clicking through will get you this:
(Click on graphic to enlarge)
It’s the SecurityTool rogue (see GFI Sunbelt Rogue Blog entry here. )
(Click on graphic to enlarge)
Thanks Marco.
Tom Kelchner