Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Various Olympics Related Dangerous Google Searches

We have received reports about the (sadly expected by now) search engine poisoning for various Olympics related terms. For example the name of the killed Georgian luge athlete is used to redirect unsuspecting users to fake anti virus and other malicious content. The redirect is browser dependent. Firefox is usually redirected to "" (note the 'q' as first letter instead of a 'g'). It is probably advisable to watch out for DNS requests for this domain to spot possible infections. Internet explorer is redirected to a wide range of different domains which apparently are picked at random.


Video of the attack


Johannes B. Ullrich, Ph.D.  - IPv6 Training
SANS Technology Institute

I will be teaching next: Intrusion Detection In-Depth - SANS Doha March 2022


4343 Posts
ISC Handler
Feb 15th 2010
Is there anyway to determine all the URLs this type of malware could redirect to?

Sign Up for Free or Log In to start participating in the conversation!