
Scammers Use Microsoft and IRS Open Redirects To Deploy Malware

"There is a new technique for luring unsuspecting users into
installing viruses on their systems. Criminals will use a combination
of Search Engine Optimization (SEO) techniques and common redirects
that can be found on Microsoft.com and the IRS.gov websites. Here is
how it works.

When users are on the IRS website and click on an external link a
redirect link warning alerts the user that they are leaving the IRS
website. It is a friendly way to let you know that you are leaving
their domain.

The redirects have a URL. Gary Warner uses this example on his blog:
http://www.microsoft.com/ie/ie40/download/?//00119922.com/in.php?&n=837&t=download+fruityloops+6+free.
That is a virtual page that Microsoft didn't create but was generated by
the criminal. Microsoft has removed the link already but it may have
redirected you to a scammer.

The next step is to create the page that the redirect would go to.
The page will automatically attempt to load a virus on your system.

The final step is to use inbound links to ensure that that URL pops
up high in the search engines. The criminal will write articles on
various blog sites with links pointing to the bogus generated redirect
URL. Since the domain is a major government agency or company (like
Microsoft or the IRS), Google will pick the URL up as having good page
rank and include the link high up in their search results."

You'll have to scroll down a bit to get to the useful bits.

Read more: http://www.bestsyndication.com/?q=20081227_virus_software.htm
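
An added example, not part of the quoted article or the original post: a Python check a site operator could run over request logs to flag URLs whose query string names an off-site host, which is the shape of the redirect URL quoted above. The hosts, the allowlist and the sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical allowlist: off-site hosts this site links to on purpose.
ALLOWED_HOSTS = {"partner.example.org"}

# Constructed request URLs; the first has the same shape as the quoted one.
SAMPLE_URLS = [
    "http://www.example.gov/ie/download/?//offsite.example.net/in.php?&n=837&t=free+download",
    "https://www.example.gov/leaving?url=https%3A%2F%2Fpartner.example.org%2Fforms",
    "https://www.example.gov/leaving?url=/forms/w4.pdf",
    "https://www.example.gov/leaving?url=https://unknown.example.net/x",
]

def candidate_targets(url):
    """Yield query-string pieces that could name a redirect destination."""
    query = urlsplit(url).query
    yield unquote(query)  # bare query such as "?//host/path"
    for _, value in parse_qsl(query, keep_blank_values=True):
        yield value       # ordinary "?url=..." style parameters

def external_host(value):
    """Return the host a value points at, or None for a local path."""
    value = value.strip().replace("\\", "/")
    if value.startswith("//"):       # scheme-relative URL
        value = "http:" + value
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:               # malformed authority, e.g. bad IPv6
        return None
    if parts.scheme in ("http", "https") and host:
        return host.lower()
    return None

def offsite_redirects(url):
    """List off-site, non-allowlisted hosts named in the URL's query."""
    own = (urlsplit(url).hostname or "").lower()
    hits = set()
    for value in candidate_targets(url):
        host = external_host(value)
        if host and host != own and host not in ALLOWED_HOSTS:
            hits.add(host)
    return sorted(hits)

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(offsite_redirects(url) or "ok", url)
```

The same `external_host` test can back a server-side allowlist, so the redirect handler refuses any destination it does not recognise instead of forwarding to it.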