The most popular search for several hours today was “787 first flight video”. This search and related searches are saturated with malicious results leading to rogue AV and potentially other malicious payloads.
At peak hours, 5 out of the first 9 results led to malicious payloads, as users were pushed through a series of redirect pages and on to different distribution points.
While the distribution points and payloads varied, their effectiveness did not. Most sites were undetected by Google Safe Browsing, and the malicious payloads they delivered had very low anti-virus detection rates.
This latest attack is nothing new, but it is shocking how quickly and effectively cybercriminals are able to react to the latest news trends. In this particular attack, the dangerous top results seemed to be compromised sites with existing reputations, which makes detection much more difficult.