GFI researcher spots Bing and Yahoo adverts serving up malware

According to Chris Boyd – aka Paperghost on Twitter – overnight he and his team have seen a number of adverts appearing on Bing with infected routes. The adverts, he says, are promoting all manner of infected downloads including Firefox, Skype and uTorrent files.

“Clicking the adverts takes end-users to sites such as river-park(dot)net, and they do a pretty good job of convincing visitors that these sites are the real deal”, he says in his latest security posting, adding that informed users might notice that the ads display the real URL of the software mentioned but end up routing users to infected sites.

All of the malicious downloads, he notes, are coming from en-softonic(dot)net, where a variety of infected files are waiting to be loaded by unsuspecting end users.

“As an example, the fake Firefox file installs a rootkit, runs IE silently in the background attempting clickfraud and also performs Google redirects”, he says.

Worryingly, Boyd reports that the VirusTotal analysis score for the infected Firefox file is just 16/44. He adds that GFI has notified Microsoft and Yahoo of the problem and both firms are in the process of killing these things off.

“It's entirely possible these sites will show up somewhere else, so be careful when downloading programs and make sure you're on the official site before grabbing anything. These are definitely not the kind of files you want on your system”, he says.
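The mismatch Boyd describes, an ad that displays the vendor's real URL but routes somewhere else, can be checked mechanically on the defender's side. The following is an added example, not code from GFI or the article; the allowlist, the display URLs and the URL paths are constructed assumptions, and only the two defanged hosts come from the article.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of vendor sites maintained by the defender.
OFFICIAL = {"mozilla.org", "skype.com", "utorrent.com"}

def refang(url):
    """Undo the (dot) defanging used in the article so the URL parses."""
    return url.replace("(dot)", ".").replace("[.]", ".")

def site(url):
    """Host reduced to its last two labels (simplification, not PSL-aware)."""
    url = refang(url)
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def check_ad(display_url, landing_url, download_url=None):
    """Return the reasons an ad record should be treated as suspicious."""
    findings = []
    shown, landed = site(display_url), site(landing_url)
    # The ad text shows one site while the click lands on another.
    if shown != landed:
        findings.append(f"display {shown} != landing {landed}")
    # Neither the landing page nor the file host is a known vendor site.
    for label, url in (("landing", landing_url), ("download", download_url)):
        if url and site(url) not in OFFICIAL:
            findings.append(f"{label} site {site(url)} not on allowlist")
    return findings

# Constructed ad records: display URLs and paths are illustrative;
# the two defanged hosts are the ones named in the article.
ADS = [
    ("www.mozilla.org/firefox", "http://river-park(dot)net/",
     "http://en-softonic(dot)net/firefox.exe"),
    ("www.mozilla.org/firefox", "https://www.mozilla.org/firefox/",
     "https://download.mozilla.org/?product=firefox"),
]

def flagged(ads=ADS):
    """Return (display_url, findings) for every ad with at least one finding."""
    results = [(d, check_ad(d, land, dl)) for d, land, dl in ads]
    return [(d, f) for d, f in results if f]

if __name__ == "__main__":
    for display, reasons in flagged():
        print(display, "->", "; ".join(reasons))
```
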

 
