Zscaler Blog

Google searches for popular software (Windows, Microsoft Office, etc.) often contain links to fake online stores since at least December 2010. Google has done very little to clean up the search results.
 

Only 1 of these results is legitimate!

The situation is actually getting worse. More and more of these malicious search results redirect users to malicious pages containing malware, generally a fake AV page. About 8% of the links redirected to a malware pages in May compared to fewer than 1% in January.

Some of the malicious domains seen in May were adremekj2.cz.cc, drxjgjd.co.cc, krrhlrxl.co.cc, etc.

Top 1,000 hijacked domains

The most popular domains used by hijackers in May were mit.edu (nemis.mit.edu, scripts.mit.edu), harvard.edu (www.schepends.harvard.edu), stanford.edu (assu.stanford.edu), and notably ign.com (ffvault.ign.com), which ranks #158 by Alexa.

Only 5% of the malicious links in Google were flagged, but the number of malware sites overall (fake AV, browser exploits, malicious applets, etc.) have been going down since January.

Be very careful if you need to buy software online - use trusted websites only, and do not believe any website offering bigger discounts than usual.

-- Julien