Fake Black Friday search ads lure shoppers to install rogueware

Holiday shoppers know that searching the internet can help them find the best Black Friday and Cyber Monday deals, often weeks ahead of time. Unfortunately, this year, many are getting much more than what they’d bargained for.

Cyber criminals are now using BlackHat search engine optimization (SEO) campaigns to lure web shoppers to their malicious software by disguising them as official-looking search results. The optimization ensures that their ad is among the top results a user sees. When the link is clicked, it leads to convincing fake antivirus rogueware which, when installed, can transmit personal information back to the crooks.


One such BlackHat SEO campaign is disguised as a Black Friday ad for electronics retailer Best Buy, one of the main Black Friday shopping destinations. Firefox users are redirected to a fraudulent Firefox update page which installs the fake antivirus application rather than a browser update. Internet Explorer users find themselves immediately led to a fake antivirus page that is modeled after Microsoft Security Essentials.

As we reported earlier this week, these types of fake antivirus scams are on the rise and criminals are finding ways to make their malware more difficult for internet users to detect. PandaLabs lists some steps that shoppers can take to ensure theirs systems and data are not compromised:

  • Always run antimalware protection, keep it updated with the latest definitions, and run frequent scans
  • Rather than using search engines to locate deals, go directly to retailers’ websites
  • Keep all software up-to-date with the latest security patches, especially Adobe Flash, Reader, and Java
  • Only purchase from sites that use secure browsing (SSL/https)
  • Research any retailers that are unfamiliar and trust your instincts if something doesn’t seem quite right

And you can do what I do and skip the Black Friday/Cyber Monday madness altogether. There are plenty of other good shopping deals to be had during the year.

No posts to display