Security experts have discovered a malicious program aimed at tricking users into clicking on phony search results on fake Google, Yahoo and MSN sites.
People with infected machines who try to visit those popular search sites are redirected to spoof versions, antivirus company Panda Software said Friday. The spoof sites serve up bogus search results intended to generate traffic and revenue for other sites that are presumed to be in on the scheme, said Patrick Hinojosa, Panda’s chief technology officer. “This is a business; this is organized crime,” Hinojosa said. “People are making money on it.”
Representatives from Google, Microsoft and Yahoo did not immediately return inquiries for comment. Machines can become infected with the program, called PremiumSearch, when visiting Web sites that distribute pirated software and pornography, Panda reported. Hinojosa said he doesn’t know how many machines have been infected.
Besides altered search results, the spoof sites are indistinguishable from the original version, the company said. The program also installs a fake Google toolbar that similarly interferes with results.
Hinojosa said Panda notified the Internet service provider that is hosting the spoof sites in the United States. He declined to name the ISP, noting that it might have already shut the sites down. Panda also notified federal authorities, including the FBI, he said.
Panda, which is based in Bilbao, Spain, makes software to combat viruses, worms, spyware and other unwanted programs. It discovered the PremiumSearch threat through its “early warning system.”