The Morphing PDF
Just when we thought SEO using Flash was as interesting as SEO poisoning can get, it seems it's getting even sneakier…
Imagine a PDF file posted by someone evil online. Of course, Google being Google, the file is recognized as a PDF.
And when we open it, it really is a PDF. No evil code inside, just a good old vanilla PDF file.
SEO Poisoning Sites Use Flash for Redirection
Another day, another news item, and well… another SEO poisoning stint.
Using PDF files in SEO poisoning is recent, but not exactly fresh news. So we were thinking of just adding the malicious URLs to our Browsing Protection and creating detections for the corresponding files… Then, we saw something:
Gozi – a perfect example of an “older” trojan re-inventing itself
60+ Compromised Sites with SEO Poisoning
More than 60 websites have been found to be hotbeds for SEO poisoning. Each of these domains hosts hundreds of possible matches for search keys.
Also, the topics in one domain overlap with those of another, making it possible for both to emerge in the search results. Topics range from the Winter Olympics Luge Crash to the death of Alexander McQueen and even to the NASCAR schedule.
Do you sign your code?
The lab has a survey request. As Windows 7 gains market share, code signing is becoming more important for software developers.
A byproduct of more clean code being signed is that malware authors now have greater incentives to get their stuff signed in order to prevent it from being easily distinguished from legitimate software.
With this in mind, we'd like to run a questionnaire aimed at developers who sign their code.
So if you're a Windows developer, we would appreciate it very much if you would answer the following short survey.
Windows Defender 2010 FakeAv at the Top of this Morning’s List
The group behind “live-windowsantivirus. com” is having a very busy morning distributing Rogueware XP Internet Security 2010. We grabbed some snapshots for you of the current incarnation of the malware, since users appear to be falling for it in large numbers. The full window and the balloon popup stating “System Danger! Your system security is in danger” must be convincing…
Alarm in show_ads.js
Some of our antivirus products had a brief false alarm today. The alert was from a common JavaScript file called show_ads.js. The false alarm was for a trojan called Trojan.JS.Redirector.ar.
The false alarm has been fixed in our update 2010-01-25_17.
This only affected our older products, such as the 2009 product range. F-Secure Internet Security 2010 had no issues.
We apologize for the false alarm. Sorry.
On 25/01/10 At 06:31 PM
Much Tedroo about Nothing, other than “Viagra Professional”
In an early-2009 literary flourish we condemned spammers to hell, discussed the Tedroo spambot’s increased momentum due to the shutdown of other botnets, posted screenshots of the Tedroo-spewed pharmaceutical spam and related scam sites, and noted its distribution via malicious PDF files. Tedroo’s increased presence and its distribution are continuing into 2010.
F-Secure's Exploit Shield Blocks the "Aurora" Exploit
Microsoft recently announced a new vulnerability in certain versions of its Internet Explorer web browser. If exploited, the vulnerability (CVE-2010-0249) can allow remote code execution.
Announcement of this vulnerability follows on the heels of last week's targeted zero-day attacks against a number of companies.
Haiti Earthquake: Another Rogue Rides the News
A day after the disaster that struck the Caribbean nation of Haiti, Rogue perpetrators have once again been busy with their SEO poisoning schemes. Searching for terms related to this earthquake leads to a website that installs a Rogue into the system.
It happens when an unsuspecting user searches for Haiti Earthquake details.
Happily clicking the link leads to this page: