Your one-stop web resource providing safety and security information to manufacturers

One vulnerable web site may be able to fulfill a number of cyber criminal organizations, each one altering the site to serve its own purposes.

In many cases, websites end up compromised and altered to lead visitors to domains that push fake antivirus programs, which lately have become a great way for criminals to earn a big payday, security researchers found.

Flashback Variant Hits Macs
Malware Beat Down: Flashback on Wane
Attack Vector: Phishing Real or Phony?
Tool to Counter Cyber Threats

Once they overtake the site, the attackers rely on Blackhat SEO techniques to increase traffic to their fake programs, said researchers at Zscaler.

In order to do this, they set up two different pages on the compromised domain. First, they create a spam page that search engines, security scanners and blacklisting mechanisms see as harmless. This page doesn’t contain any obfuscated code and performs the redirect via a PHP or .htaccess file.

Schneider Bold

The second page is the one that contains the redirect to a site in charge of performing the attack on users.

More recently, researchers identified a number of overtaken websites designed to send users to Fake AVs, but were also infected with a malicious piece of JavaScript which held an IFRAME injection that pointed to locations such as, or

Fortunately, search engines flag this JavaScript as being malicious fairly fast. That’s because the script is present on all the web pages and it goes before the original HTML code.

While in most cases users can protect themselves against such attacks by utilizing a lot of common sense and reliable security solutions, website administrators and owners should also act responsibly and check their websites as often as they can for any type of misuse.

Pin It on Pinterest

Share This