The US midterm elections are taking place today, and scareware pushers aren’t sitting with their hands crossed – they have poisoned related search results:
Search combinations such as “2010 midterm election”, “midterm election results”, “midterm election latest polls”, “midterm election season” and “midterm election latest polls gallup” offer search results that take potential victims to a blank page.
A blank page? That seems harmless – until you check out its source code and see that it contains the URL to a fake AV distribution site. Websense researchers believe that further redirection to this URL is not active yet because the scammers are waiting for the election process to start and people to search the Internet for results.
The fake AV in question is the ubiquitous Security Tool that has lately been pushed with all possible tactics. The file that will try to get downloaded on the potential victim’s computer is named inst.exe, and is currently detected by only 10 out of the 43 virus solutions employed by VirusTotal.