Massachusetts Senate Race Spurs Malware Flurry


Many of the Internet users looking for the latest breaking news and analysis pertaining to the Republican Party's surprising victory in the Massachusetts Senate race this week have become the latest victims of cyber attackers and their increasingly sophisticated manipulation of search engine results.

According to a blog entry penned by Kevin Haley, Symantec's Security Response group product manager, the much-discussed victory by GOP candidate Scott Brown over Democrat Martha Coakley has attracted malware purveyors because it has won the attention of so many online readers.

According to Symantec, 33 of the top 100 results from a search for "Massachusetts senate race results" led to malicious sites. Moreover, 11 of the first 100 results for the related search of "Brown Coakley results" also led to malicious sites used to coerce users into buying and installing bogus antivirus software.

"So, the bad guys raced to answer this need, but it wasn't with information on who won," Haley wrote. "It was with traps to infect us with rogue security software."

"Unfortunately none of this is all that surprising to us," he added. "From Michael Jackson's death, to the tragedy in Haiti, to whatever the next big news story is, the bad guys always seek to take advantage of our interest."

Socially engineered malware scams, which have always been popular with malware creators, have exploded in the past year. The release of Microsoft's (NASDAQ: MSFT) Windows 7 operating system, the so-called "Balloon Boy" and anything related to celebrities such as Brad Pitt and Angelina Jolie were the search terms that attracted the most hits and malware in 2009.

Sometimes the malware infects a machine with a virus. Other times, it includes a link to a phishing scam that attempts to extract personal banking information or Social Security numbers.

This time, Symantec found the Brown-Coakley senate race was targeted by those looking to con people into buying "scareware," utterly useless antivirus software that appears to solve the very problem that it has created.

Haley said this illegal search engine optimization tactic exploits search engine indexing algorithms that determine the relevancy of a site by the number of links that point to it.

"Black hat SEO campaigns have also been known to exploit vulnerabilities in Web sites, such as with Cross-Site Scripting," he said. "In one reported example, vulnerabilities in a popular blogging platform were exploited to promote rogue security software. Scam distributors also purchase keywords from search engines in order to boost the ranking of their scam Web sites and so that the Web sites will appear as valid, 'sponsored' results."

Haley also said spam scammers sometimes even create malicious or false search engines to spread their wares.

Symantec researchers are advising Internet users to always update their legitimate security software applications, pay close attention to all their search engine results, be cautious of any pop-up displays and banner ads and to never accept or open suspicious error displays within their browsers.

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.