
Malware Threats in Search Results


While searching for tips on removing malware, your chances of encountering bad and malicious ads or links increase greatly. In fact, cyber-criminals use Search Engine Optimization, or SEO, as their prime method of gathering Web surfers. Last April a Top Ten List of celebrity searches was published claiming that surfers were more likely to land on either fake sites or hijacked sites. They listed Jessica Biel as the number one celebrity search in 2009 most likely to land you on a bad site with malware. But you would never be searching for news on celebrities, right? Recently someone I know was searching Old English literature and was the recipient of a drive-by download of the famous WinAntiVirus2009. My point is that any search can produce a site that is either infected, hijacked or redirects you to another site with bad intentions.

If searches are dangerous, just how do you search for solutions to an infection on your computer? In my opinion, only research how to get rid of malware on a clean machine. Very often the malware will be coded to intercept or redirect browsing when trying to go to the major anti-virus vendors or related sites. Searching for methods to rid a computer of malware on an infected machine will usually only get the user more chances for further infection.
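One way the redirection described above is commonly done is by tampering with the machine's hosts file so that vendor domains resolve to a loopback address (silently blocked) or to an address the attacker chose (silently redirected). The check below is an added example, not code from the original post; it assumes the hosts-file mechanism, and the vendor list and sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed list of hostnames a user would visit to get clean-up tools.
VENDOR_HOSTS = {
    "www.microsoft.com", "update.microsoft.com", "www.malwarebytes.com",
    "www.symantec.com", "www.mcafee.com", "www.kaspersky.com",
}

def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, skip it
        for host in fields[1:]:
            yield ip, host.lower(), line_no

def find_hijacked(text, vendor_hosts=VENDOR_HOSTS):
    """Return suspicious entries as (line_no, hostname, ip, reason).

    Any hosts entry for a vendor domain is suspicious: a loopback address
    silently blocks the site, anything else silently redirects the user.
    """
    findings = []
    for ip, host, line_no in parse_hosts(text):
        if host not in vendor_hosts:
            continue
        reason = "blocked (loopback)" if ip.is_loopback else "redirected"
        findings.append((line_no, host, str(ip), reason))
    return findings

# Constructed sample: normal localhost lines plus two tampered entries
# (203.0.113.45 is from the documentation range, not a real address).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# entries below are typical of a scareware infection
127.0.0.1       www.malwarebytes.com
203.0.113.45    update.microsoft.com www.microsoft.com
"""

if __name__ == "__main__":
    for line_no, host, ip, reason in find_hijacked(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} ({reason})")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; on Unix-like systems it is `/etc/hosts`.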

Does this mean an end to searching on Yahoo, Bing or Google? Of course not. It simply means that the more informed you are, the better off you will be and the better you can protect yourself and your computer.

Let's break down one of the typical scareware or malware sites that people often see just before infection occurs. In the image I have circled some of the key points and will break them down in order from top left to bottom right. Let's begin (click the image below to enlarge it).

Typical Scareware Template

1. The first real indication that this is a fake begins at the address bar. Notice it gives a Web site address, yet the premise is to get you to believe this is your My Computer screen in Windows XP. This template is very typical of those associated with WinAntiVirus 2008, 2009 or 2010. This screen shot shows Internet Explorer and I have also seen this on a Mac Pro running Safari. The very same type of screen along with the tiny animation, which I'll discuss later, was displayed on screen. Thankfully for them it was painfully obvious that it was a hoax trying to induce action.

2. The next items are the drives and folders. The number of threats is far too high to have been found so suddenly. Most scans take several minutes at best on the high capacity drives we use today. A question to ask yourself if you see this is, do you have multiple drives? Some of us do, most folks don't. If you are in the latter group this should be a dead giveaway. The second question you need to answer is, is that my optical drive type? A straight DVD-RAM drive is nowhere near as common as DVD-RW type drives.

3. Next we see the animation in real time. In this picture it is shown at the end of the very short animation. The idea is to trick you into thinking that a real scan is taking place. In reality a real scan would never be that quick, and in this case the number of threats found was already listed under the folders. Another dead giveaway for those that are informed.

4. The number of threats is given as 527 underneath the scan bar. The numbers under the folders add up to 595 if my math is correct. It is very common to find little errors such as these in the fake sites. An observant and informed eye will catch these quickly.

5. The next item is one that follows suit with item number four: bad grammar. In case you can't see the text I will reproduce it here. "Your computer remains infected by threats! They might lead to data loss and file structure damage, and needed to be heal as soon as possible." (space) "Return to Personal Antivirus and download it secure to your PC." I'm not an English major, but I can see the mistakes made in the grammar and structure of the sentence.

6. Lastly we have the payload button, "Full System Cleanup". Up to this point we only have a Web page, one that may or may not be designed to keep coming back long after you leave the infected site. This is one of the reasons a lot of anti-malware products do not pick up on the threat until it is too late. So far nothing more than viewing the site has happened. If they succeed in getting you to click this button, watch out. The code it will download will be very small and very fast. It will most likely install in mere seconds and disable any built-in protection. You will definitely need the anti-malware tools to get rid of it if you click this button.

While this breakdown doesn't cover all scenarios, it is very typical of the types of scareware tactics being used. Always be wary of sites that claim to see your drives and the contents inside. Look for what's out of place or doesn't feel right. Keep on the lookout for logos of major publications or sites that appear with endorsements. The fake ones will not link to the real site and usually won't link to anything.

I hope you have found this post helpful and it is my hope that together we will all have a safer Internet experience. If you have questions on this post, please ask them in the comments and I will do my best to answer them.


About jraz

  • Yes it is. A friend of mine had almost the same screen on her Mac using Safari. She saved me a screenshot and we both had a laugh.

  • Brian aka Guppusmaximus


    Thanks. You definitely covered some important information here as well. Oh, btw, nice article.

  • Great information Brian.

  • jraz and Brian — Thanks to you both for taking the time to offer these detailed explanations. I feel like a 21st century Blanche DuBois: depending on the kindness of digital strangers! 🙂

  • Brian aka Guppusmaximus


    Personally, I don’t think you need to rip your computer apart to understand the basics that you are searching for. Even if you did, I think you wouldn’t learn much, feel overwhelmed and have a non functioning PC scattered on your floor. Plus, there are so many damn books out there that you could spend days just researching that.

    Here is my suggestion:

    The first step: You need to become more familiarized with your “OS” (Operating System) which is the core file system that you use everyday to accomplish tasks on your computer. From the most complex for you (uploading blogs) to the simplest (moving the mouse). The OS can also tell you critical information about your computer but you need to know where to find it. The greatest resource you have is right on your computer – It is called the “Help & Support Center”. [In Windows XP: Left-Click the Start button] It’s free, you can search for all the terms/pc info you need and you don’t have to worry about Malware, Spyware or any other forms of intrusion when you do your research.

    Second Step: Get very familiar with your “internet browser” (Internet Explorer, Firefox, Opera, Chrome) which is the software that lets you interact with the Internet. For this, I suggest using Mozilla’s Firefox [Firefox Support Home Page] because its core is more secure & it has free add-ons that can give you added protection above your anti-virus software. Did I mention it’s FREE?!

    Third Step: Get very familiar with anti-virus software. Unfortunately, this is where it gets difficult because you should really be getting familiar with internet security which in turn will help you pick out sufficient antivirus protection. These two sites are very helpful:

    On Guard Online US Cert.

  • Thanks for the kind words first. I should have included a line that the screenshot can be downloaded full size and viewed separately from the article. Try that and re-read the points 1-6. They should make more sense when viewing this way. A great way that works for me to increase my learning is reading. Books, websites, blogs and magazines are what I use. I am primarily self-taught and if I can get this far anyone can. When you come to terms you don’t know, Google it and Wikipedia or ask someone. I have found that many people are very willing to share their knowledge if you ask. I think you must be doing a lot of things right if you can blog and surf the net. I see people all the time that would never dream of doing those kinds of things. Learn from your mistakes and keep good backups of the important stuff. Then try new things and take some risks. I suggested to a co-worker who asked almost the same question to go and acquire an older computer and take it apart and put it back together. Then get it to work. Books like those about becoming A+ certified are great teaching tools and many can be found in used bookstores for next to nothing. Not everyone will have the inclination to do that but the first bit about reading and asking questions anyone can do. Good luck and feel free to email me questions. You can find my email in my profile on my blog.

  • Jraz — I’ve read a few of your posts and find them interesting and helpful — to a point, the point being my profound ignorance of computers and the Internet. I’ve been using a computer since the 80s, but my range of skill hasn’t increased much beyond Word documents and downloading photos. And the Internet boggles me completely; I can just manage to do a little surfing to sites I know and (finally!) upload my BC posts and just manage to run my blog. I do research, and try to allow my instincts about sites with questionable names be my guide — but I’m feeling my way around in the dark. My question is: how and where do I begin to understand all this stuff, especially the lingo? When I do go in search of answers to tech questions, it’s as if the answers are written in Greek. Even in reading some of your pieces, I have no idea what you’re saying. This article was a good example: I couldn’t make out the screen you showed, had no idea what I was looking at, so your explanations didn’t help much. Where should a not-quite-beginner go to figure out all this stuff? Many thanks.