Gray Powell, the lost iPhone and malware

The story of the day is Gray Powell and the lost iPhone. I searched for him on Google and I was really surprised to see that 4 out of 10 results from Google’s first page were links to malware.

If you click on any of those links, here is what you get:

Then you receive the classic “Your computer is infected” window that proved to be so lucrative for malware writers. The window looks like a real Windows application and many people get confused and run the malware.

I’ve downloaded and scanned the malware on virustotal.com. Here is the report. Basically, only 10 from all 41 antiviruses from VirusTotal detected the malware. That’s only 24.4%, a pretty low detection rate for a malware that appears on the first page of Google results for a hot topic. I think many people already got infected by this.

The malware writers are pretty inventive, I think they’ve made an automated tool that automatically reads Google’s Hot Trends page or Twitter’s trending topics and generate pages containing malware with those terms/searches in the title and some description around it. Gray Powell is #13 on Google’s Hot Trends page right now.

It’s a very dangerous technique and I think Google should do something about it, otherwise a lot of people will get infected. Lately, Search Engine Optimization is being widely used for distributing malware. Pay attention before you click any of Google’s results. Don’t just read the page title and description, but also check the URL!

Author: Bogdan Calin, Acunetix.