Google Images: Malware lurks at every corner.

Status
Not open for further replies.

MrXidus

Super Moderator (Leave of absence)
Thread author
Apr 17, 2011
2,503
I use Google Images quite a lot in my day-to-day internet life, and quite recently I noticed that many images, when clicked on to see a larger preview, often end up being a malicious page, most of which are fake scanner pages. But recently I saw a new one that managed to bypass BitDefender's TrafficLight:

- TrafficLight alerted me of the page, appeared to have stopped it, then the page loaded normally past TrafficLight.

What's interesting to me about this scanner page is it's not your usual Windows XP style page but a Windows 7 looking type. New to me at least.

Check out my screen captures of it. (Coded because they're large images)

Code:
http://i.imgur.com/8sbVg.png
Code:
http://i.imgur.com/vZXoa.png

What are your thoughts on this? I only encounter these types of pages through Google Images; never have I come across them within Google search or any other site (excluding MDL).

It's getting quite annoying encountering these types of pages on Google Images. What are your suggestions for preventing them? Cheers.

EDIT: I am starting to count and since posting this thread I have come across 3 more scanner pages. I am going to try using ClearCloud DNS again and see how it goes.
EDIT 2: Using Trend Micro with ClearCloud gets rid of these for good.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
My thoughts are that malware writers generally do that, especially with current events and image searches; malware writers are just doing it to trick people and infect them.
 

Tom172

Level 1
Feb 11, 2011
1,009
Well, I don't think you have a secure DNS in your config. Maybe add ClearCloud or Norton. It will help block these annoying things :)
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Something similar here (Malware using Social Engineering):
http://malwaretips.com/Thread-IE9-versus-Chrome-which-one-blocks-malware-better

Firefox 4 uses the same fake scanner as IE.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, I think you will often see a fake block page that is the same as the original Firefox one.
 

Tweak

New Member
Jan 8, 2011
274
I use a Secure DNS and, although not everyone likes it, WOT; I find it very helpful mainly for this specific purpose.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, having a DNS will surely protect you. I tried it in Google (but in searches for links) and it blocked the sites that were trying to redirect.
 

Tom172

Level 1
Feb 11, 2011
1,009
Say what you will about WOT. It's a good way to catch these Fake scanners and other threats and annoyances early. Hence why I still use it.
 

win7holic

New Member
Apr 20, 2011
2,079
Tomo172 said:
Say what you will about WOT. It's a good way to catch these Fake scanners and other threats and annoyances early. Hence why I still use it.

yep :)
and it lets us choose whether a site is good or bad to open :D
 

Watasha

New Member
Feb 8, 2011
226
I have noticed this issue as well lately. Linkscanner usually catches it; if not, CIS gets it, but it's still unnerving to see so many malicious links on something as popular as Google Images.
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
I had the same result when I searched for a Comodo logo... it came up with one of those fake scanner pages... there are a lot more that are starting to creep out.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Honestly, I've never encountered an image search that redirects to a fake scanner page; only Google search for links does.
 

Tom172

Level 1
Feb 11, 2011
1,009
Good to hear!

They also have good customer service. So if you came across a false positive, they can have it fixed in as short as the next day :)
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
I've managed to stumble upon a fake scanner while using Google Images... :)
The most impressive aspect is that these images manage to rank very high... The one selected was #2 in the Google search query :)
Most likely cyber criminals are using SEO techniques to rank high in Google Images Search... and they did take a very smart decision. Usually site developers aren't very interested in Google Images, so they won't make their images SEO friendly.
Anyway, this is the rogue that I've "managed" to find:

Rogue name : Win 7 Home Security 2011
Download name : AntiSpyWareSetup.exe
Site :
[attachment=362]
GUI :
[attachment=363]
Alert :
[attachment=364]
Fake Windows Control Panel :
[attachment=365]
Tray Icon :
[attachment=366]
 


Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Google Web search can be used to locate dozens of results for compromised WordPress.org sites hosting html designed to poison Google Images search results.
 