tumblr hit counter

Black(hat) Friday and Cyber(crime) Monday

Nov 17

You may be in for more than you bargained for if you plan on looking for the latest Black Friday or Cyber Monday deals online.  Cyber criminals are quick to capitalize on new opportunities and have already done so by optimizing their Blackhat SEO campaigns to infect those looking for those hot ticket item deals.

The following image is a malicious search result aimed at innocent users looking for Black Friday deals at a popular U.S. based retail chain:

Best Buy/Black Friday Malicious Search Result

Best Buy/Black Friday Malicious Search Result

Clicking on the link in the Firefox browser will redirect you to a fake Firefox “update” website, which will then infect your computer with fake antivirus software:

Fake Firefox Update Website

Fake Firefox Update Website

Clicking the link in Internet Explorer (or any other browser) will lead you directly to the fake antivirus scan page:

Rogueware "Fake Antivirus" Page

Rogueware "Fake Antivirus" Page

We want you to find the best deals this holiday season, but not at the expense of your computer becoming infected by malware.  Here are 5 tips that you can follow for a safe holiday shopping season:

  • Always run up-to-date antimalware protection.  You can download our award-winning Panda Cloud Antivirus software for FREE at http://www.cloudantivirus.com
  • Avoid using search engines for locating special holiday deals.  This blog post is a demonstration of how quickly that can go wrong.  Instead, go directly to reputable sites that you are familiar with (E.g. bestbuy.com, walmart.com, frys.com, etc).
  • Cyber criminals are particularly skilled at automating the exploitation of critical vulnerabilities in operating systems and commonly used applications. You can quickly find yourself silently redirected to a website with a carefully crafted malicious payload, which could leave your computer infected with a data stealing Trojan, all without your knowledge.  Avoid this by installing all available Operating System and software updates/security patches from the official websites or updater applications.  In addition, we strongly advise updating Adobe Flash, Adobe Reader, and Java Sun software, as they are commonly targeted by cyber criminals.
  • Don’t underestimate criminals.  They will create fake advertisements, shopping carts, and poison various search terms.  If you are not sure about a particular site, a quick look in your favorite search engine should indicate whether or not you should purchase from that site.  If you can’t find anything about that retailer, then the chances are you should probably not shop there.
  • You should only purchase from sites that take advantage of secure browsing (SSL/https), but don’t think that you’re in the clear just because you see that neat little padlock in the right hand corner of your browser.  SSL only works to create a secure Internet tunnel between you and the e-commerce server.  You can still transmit sensitive data over to cyber criminals, so it’s best to run frequent antimalware scans!  Don’t believe me? Check out this Banking Trojan example:

Post to Twitter

  • (2) Comments


  1. [...] Yesterday, we talked about a Blackhat SEO scam targeting various Black Friday keywords.  If you take a look at the Google Instant Preview pane on the right, you’ll see that actual Best Buy ads are shown!  This could very well convince someone to click on the malicious link! Black Friday Instant Preview (CLICK FOR FULL SIZE) [...]

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

  • Become a fan!

    Panda Security on Facebook
  • Blogroll

  • Categories