Just when you think they couldn't possibly go any lower ... The bad guys behind the Rogue AV scam (see my old diary at http://isc.sans.org/diary.html?storyid=7144 about Rogue AV) are heavily using SEO techniques to make links to their sites appear high on search engines. For example, when using Google to search for "haiti earthquake donation" top 6 hits (!) lead to compromised web sites which in turn check the referrer (they verify if you are coming from a search engine) and, if that is true, redirect you to another web site.



At the moment they are redirecting to scan-now24.com which appears to be taken down.
As posted on numerous places yesterday – if you plan on donating be very careful about sites you visit.

--
Bojan
INFIGO IS