
I’ve blogged before about the problem of Google Adwords pushing Antivirus XP Antivirus 2008. The situation is still ongoing.

However, it’s taken a turn for the worse, as these XP Antivirus pages are pushing exploits to install malware on the user’s system.

This will also affect the many syndicators of Google Adwords.

[Screenshots: Google-results-bestav2009, Download-com-google-add, Bestav2009-with-sploit, Page-withscode]

URLs involved in this particular event:

bestantivirus2009 com

iframe with exploits: huytegygle com/index.php <-- script

There are a variety of exploits being used, including setslice and an AOL IM exploit. Unusually, an exploit framework is not being used. Fully patched systems will not be affected by these exploits.

The exploit attempts to install the following malicious file: huytegygle com/bin/ file.exe.

(Obviously, don’t visit these URLs unless you know what you’re doing, or you could be an unhappy camper.)

Alex Eckelberry

