Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Various Olympics Related Dangerous Google Searches - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Various Olympics Related Dangerous Google Searches

We have received reports about the (sadly expected by now) search engine poisoning for various Olympics related terms. For example the name of the killed Georgian luge athlete is used to redirect unsuspecting users to fake anti virus and other malicious content. The redirect is browser dependent. Firefox is usually redirected to "" (note the 'q' as first letter instead of a 'g'). It is probably advisable to watch out for DNS requests for this domain to spot possible infections. Internet explorer is redirected to a wide range of different domains which apparently are picked at random.


Video of the attack


Johannes B. Ullrich, Ph.D.  - IPv6 Training
SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS Cyber Defence Japan August 2022


4512 Posts
ISC Handler
Feb 15th 2010
Is there anyway to determine all the URLs this type of malware could redirect to?

Sign Up for Free or Log In to start participating in the conversation!