Attackers are targeting people searching for last-minute Halloween costume ideas, reported CyberDefender on Oct. 29. The Internet security vendor, along with other firms like Blue Coat and BitDefender, warned users about the dangers of searching online for Halloween-related topics.
"Popular search terms have always been a target for cyber-criminals," said Achal Khetarpal, director of CyberDefender Research Labs.
CyberDefender identified a fake anti-virus Trojan downloader infecting pages related to Halloween costume searches. When users visit these pages, the fake anti-virus installer hijacks the user’s web browser and initiates a malicious process, making the PC sluggish and exposing personal data.
One form of this attack, identified by Panda Labs, displays a fake video player page and prompts users to download a codec to play the video.
"Popular search terms reflect current user interests, making them lucrative targets," Khetarpal explained. Criminals create pages optimized for search engines, embedding popular keywords to attract traffic, a tactic known as SEO poisoning.
According to Panda Labs, searching for terms like "Halloween costumes," "Halloween decorations," "Halloween ideas," "Adult Halloween costumes," and "Free pumpkin pattern" can lead to malicious links in search results.
Blue Coat revealed that clicking on an infected link redirects users from a hacked blog to a malware distribution site. Users are then prompted to download an executable file whose name is based on their original search term. For instance, searching "Regis and Kelly Halloween show" might yield a file named "regis-and-kelly-halloween-show-2009-to-play-40064", and "office appropriate Halloween costumes" could result in "office-appropriate-halloween-costumes-to-play-40064".
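The naming pattern Blue Coat describes can serve as a triage signal in web proxy logs. The following is an added example, not code from the article or any of the vendors quoted; it assumes records that pair each download with the search results URL that began the browsing session, and the field names, hosts, extension list and `min_terms` threshold are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

EXEC_EXT = re.compile(r"\.(exe|scr|msi|com)$", re.I)  # assumed extension list

def tokens(text):
    """Lower-case alphanumeric words, as a slug generator would split them."""
    return re.findall(r"[a-z0-9]+", text.lower())

def search_query(search_url):
    """Search terms carried in a results-page URL ('q' or 'p'), else None."""
    params = parse_qs(urlsplit(search_url).query)
    for key in ("q", "p"):
        if params.get(key):
            return params[key][0]
    return None

def named_after_query(query, filename, min_terms=3):
    """True when the file name starts with every word of the query, in order.
    min_terms skips one- or two-word queries, where a bare product name
    legitimately matches its own installer."""
    q = tokens(query)
    f = tokens(EXEC_EXT.sub("", filename))
    return len(q) >= min_terms and f[:len(q)] == q

def flag_downloads(records):
    """File names of downloads named after the search that preceded them."""
    hits = []
    for rec in records:
        query = search_query(rec["search_url"])
        name = unquote(urlsplit(rec["download_url"]).path.rsplit("/", 1)[-1])
        if query and named_after_query(query, name):
            hits.append(name)
    return hits

# Constructed records; hosts and "exampletool" are placeholders.
# The first two file names are the ones quoted in the article.
SAMPLE = [
    {"search_url": "https://search.example/search?q=Regis+and+Kelly+Halloween+show",
     "download_url": "http://files.example/regis-and-kelly-halloween-show-2009-to-play-40064"},
    {"search_url": "https://search.example/search?q=office+appropriate+Halloween+costumes",
     "download_url": "http://files.example/office-appropriate-halloween-costumes-to-play-40064"},
    {"search_url": "https://search.example/search?q=exampletool",
     "download_url": "https://files.example/exampletool.exe"},
]

if __name__ == "__main__":
    for name in flag_downloads(SAMPLE):
        print("review:", name)
```

A match is a reason to look closer, not a verdict: a multi-word product search followed by a download of that product's installer also matches, so pair the check with the reputation of the download host.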
Panda Labs' screenshots of malicious search results show URLs that appear legitimate, with phrases like "halloween-costumes" embedded in the URL, and relevant-looking page names such as "Viking Halloween costume." However, the descriptions often do not match the page content, indicating a scam.
BitDefender advised, "If you’re planning to find templates for Halloween invitations, or trying to locate a print shop, be cautious of the search results you click."
Khetarpal recommended typing the website URL directly into the browser rather than clicking on search result links. For instance, if searching for a Halloween costume at Target, users should type target.com in the address bar and search within the store’s website. This reduces the risk of being redirected to an infected site.
"Users should only click trusted links or type the site address they want into the search bar," he said.
Spammers and hackers exploit current events, popular trends, and holidays like Halloween to target users. Events like the Super Bowl also see a surge in spam. According to Khetarpal, holidays and celebrities are "hot topics" and "prime targets" for malware authors.
Khetarpal and other security experts advise users to ensure their security software suite is installed and updated before going online, and to keep their operating systems patched with the latest updates.