Live Global Events: Secure, Simplify, and Transform Your Business.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Blackhat Spam SEO & Fake AV: They Are Still There

November 30, 2010 - 2 min read

It's quite depressing to see that Google still contains numerous links to spam pages which lead to fake AV sites. While there are fewer of them, they are still there. This, despite the fact that attackers have not significantly changed their techniques in many months. They still hijack vulnerable sites and create spam pages with similar URL patterns. The fake AV pages are mostly the same, using the same CSS and Javascript code and antivirus engines continually fail to detect the majority of  the malicious executables.

Here is a typical example of what users will still encounter. The site has been hijacked to host thousands of pages like

Primitive, but effective, SEO spam page
As usual, the page redirects real users coming from a search on Google, Yahoo! or Bing to a fake AV page. This time, the fake AV is slightly different. It mentions a "Windows Security Update", and is hosted on (still up at the time of writing). It looks the same as traditional fake AV sites, with animation showing an antivirus scan of the computer.

Fake AV page
And again, the detection rate amongst AV vendors is only around 25%.

Malicious executable disguised as an antivirus

Not much has changed in the past 6+ months in the world of malicious spam SEO. While Google has made efforts to combat the fake AV sites and the number of malicious spam links in popular Google searches has gone down somewhat, more needs to be done.

-- Julien
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.