Attackers continue to perform Blackhat SEO attacks on Google searches, particularly trending topics. Dangerous results are returned linking the user to Rogue Anti-Virus downloads through a series of scripts and redirects.
The search terms used in this example are "chromium os download", though any combination of terms could return dangerous results. The 5th result in the search below leads to scareware.
After a standard installation, the user is now infected with "SecureKeeper". This is a brand new variant first reported by Sunbelt just yesterday.
This is a very typical attack that continues to happen all too often. Attackers will regularly change redirect URLs, malware distribution points and final payloads. This allows them to keep PageRank high and evade detection by anti-virus programs and web filters. The sites are further protected by checking the referring site to ensure the infected page can only be accessed from Google search results.
Raising awareness about this type of scam is one of the most effective ways to keep users safe. Other search engines are targeted less by attackers, which may make them safer for the novice user. eSoft tracks attacks on trending topics and is marking any associated sites as malicous.