Compromised Halloween websites passing along rogue software
An internet search using the keywords “halloween costumes” may turn up a number of legitimate sites that have been compromised, and users might end up with rogue anti-virus software on their machine.
The Halloween attack uses search engine optimization manipulation to distribute the campaigns, according to a Wednesday TrendLabs blog post.
Attackers prey on the vulnerabilities in legitimate websites to embed malicious code, according to Trend. Once determining a website is vulnerable, a pointer to a specially crafted rogue page -- containing many mentions of the words "halloween costumes" -- is injected into the legitimate website.
That way, when an unsuspecting web user searches those terms, the
legitimate but compromised website will return a high ranking and he or
she will be more likely to visit there.
