Various Olympics Related Dangerous Google Searches

Published: 2010-02-15
Last Updated: 2010-02-15 20:26:18 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

We have received reports about the (sadly expected by now) search engine poisoning for various Olympics related terms. For example the name of the killed Georgian luge athlete is used to redirect unsuspecting users to fake anti virus and other malicious content. The redirect is browser dependent. Firefox is usually redirected to "" (note the 'q' as first letter instead of a 'g'). It is probably advisable to watch out for DNS requests for this domain to spot possible infections. Internet explorer is redirected to a wide range of different domains which apparently are picked at random.


Video of the attack


Johannes B. Ullrich, Ph.D.  - IPv6 Training
SANS Technology Institute

1 comment(s)


Is there anyway to determine all the URLs this type of malware could redirect to?

Diary Archives