Posts Tagged ‘internetsoftwarepayments.com’

securityhelpcenter.com – Hijacking search results and making the good guys look bad

April 18th, 2009 // Malware Related, News

After posting my recent article on Personal Antivirus, I noticed something strange: a number of people were coming to my site from the link http://securityhelpcenter.com/block.php?id=2006-60&url=http://malwarecrawler.com/?p=146

The website seemed to have a strange name and the block.php part of the URL got me slightly suspicious. I decided to investigate further and saw something which was both quite funny (for me) and very worrying.

Look at the screenshot below... notice anything untoward?

Fake "malicious" warning on my site

Some of you may have recognised it to be a warning akin to those given by Firefox when attempting to visit a “Bad” site. However, if you now click HERE and have a look at a higher resolution version of this website, you will probably begin to see what is wrong here. First of all, this warning is being displayed in Internet Explorer, which does not have alerts which look like this to warn of phishing/dangerous sites.

Secondly, there are two links on this page: “Continue unprotected” or “Get security software”. Clicking “Continue unprotected” will allow you to carry on to the site you were intending to visit, although many people may be scared because the warning is talking about impending doom to your computer. Clicking on “Get security software” will take you on to a site instructing you to buy “Personal Antivirus”, which would be the infection which originally started to hijack the search results on an affected machine:

Scam website instructing to buy personal antivirus

This is the main object of the fake warnings: to scare the infected user into not visiting legitimate, security-related websites and instead buying into the Personal Antivirus (PAV) scam. If you have been affected by PAV, then I have a blog post about it HERE.

Further investigation has revealed that a large number of real, legitimate security forums and antivirus/antispyware vendors' websites are also being blocked on machines infected by PAV, including malwarebytes.org and kaspersky.com.

This is not the first time that the scammers have hijacked search engine results on infected machines, and probably not the last time. However, this website shows they are becoming more sophisticated and constantly coming up with new ways in which to prolong the life of their infections and confuse unsuspecting computer users into parting with their hard-earned cash for a nonexistent service whilst lining the pockets of the scammers. Stay aware! ;)
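For site owners who want to spot the same thing in their own logs, here is an added example (not part of the original post) that scans web server access logs for referrers shaped like the block.php link above, where an off-site page carries the visitor's intended destination in a `url` parameter. It assumes the Apache/Nginx "combined" log format; the log lines, the function name `find_interstitial_referrers` and the client addresses are constructed for illustration, and the check generalises to any referrer host rather than only the one named in the post.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [18/Apr/2009:10:01:02 +0000] "GET /?p=146 HTTP/1.1" 200 5120 "http://securityhelpcenter.com/block.php?id=2006-60&url=http://malwarecrawler.com/?p=146" "Mozilla/4.0 (compatible; MSIE 7.0)"
203.0.113.9 - - [18/Apr/2009:10:03:40 +0000] "GET /?p=146 HTTP/1.1" 200 5120 "http://www.google.com/search?q=personal+antivirus+removal" "Mozilla/5.0 Firefox/3.0"
198.51.100.7 - - [18/Apr/2009:10:07:15 +0000] "GET / HTTP/1.1" 200 4096 "http://securityhelpcenter.com/block.php?id=2006-60&url=http://malwarecrawler.com/" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.8 - - [18/Apr/2009:10:09:00 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
'''

# Client IP, then the quoted request, status, size, quoted referrer, quoted UA.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$'
)

def find_interstitial_referrers(log_text, own_host):
    """Count hits whose referrer is an off-site page wrapping a URL on
    own_host in a 'url' query parameter (the pattern seen in the post).
    Returns a Counter keyed by (referrer host, referrer path, id value)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ref = urlsplit(m.group("ref"))
        if not ref.hostname or ref.hostname == own_host:
            continue  # empty ("-") or same-site referrer
        params = parse_qs(ref.query)
        for target in params.get("url", []):
            # Only flag referrers that embed a destination on our own site.
            if urlsplit(target).hostname == own_host:
                key = (ref.hostname, ref.path, params.get("id", [""])[0])
                hits[key] += 1
    return hits

if __name__ == "__main__":
    for (host, path, ident), n in find_interstitial_referrers(
            SAMPLE_LOG, "malwarecrawler.com").most_common():
        print(f"{n} visit(s) via {host}{path} (id={ident})")
```

Legitimate redirectors can also carry a `url` parameter, so treat the output as a list of referrers to review by hand rather than a verdict.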