Hijacked Link to a Jenni 'JWOWW' Farley Image Redirects to a Malicious Site

You may think Jennie Farley (a.k.a. Jwoww) from the hit MTV show the "Jersey Shore" is a D-list celebrity, but to hackers she's a top-notch celebrity to do a bait and switch and redirect Internet users to malware sites. Jwoww has her fair share of racy photos circulating the Internet. Anyone can simply type in 'Jwoww' on Google's search engine and find numerous semi-explicit images of the Jersey Shore reality star.

I ran across on the Google Images results a Jwoww image hijacked by hackers and redirects to a malicious site called safesuitescanner.in. As shown in Figure 1, the link points to a legitimate site called allyouwantfree.com, but when you click on it, you're redirected to 'hxxp://www1.safesuitescanner.in,' which prompts the download and installation of a fake PC security scanner program known as Personal Internet Security 2011.

Moments later, I clicked on the Jwoww image again, but the image no longer redirected to safesuitescanner.in; either allyouwantfree.com has resolved the hijacking issue or the hackers involved are alternating or limiting how many times an Internet user gets to see the malicious site as a method to avoid detection and cloak their source address. I will not be surprised to see the Jwoww image hijacking taking place once more since hackers are known to switch IP addresses, temporarily take down their malicious sites, and then make the hijacking reappear again.

Figure 1. Google Images results for "Jwoww" lead to malicious site. Source: symantec.com

Figure 2. hxxp://www1.safesuitescanner.in website installing rogue anti-spyware program 'Personal Internet Security 2011'.

Safesuitescanner.in is among a long list of unscrupulous sites created by the makers of rogue anti-spyware programs such as Personal Internet Security 2011. These applications utilize deceptive techniques, as demonstrated in Figure 3. below, to convince Internet users to download the 'recommended' program, which is really a scam, to get rid of the detected virus threats.

Figure 3. Fabricated alert message generated by the Personal Internet Security 2011 application.

Poisoned search results are nothing new by any stretch of the imagination. Hackers are always finding a new way to spread malware to as many computer users as they can.

The widespread of Google Image redirection hijackings has become a significant contributor to spreading malware through meticulous links and even thumbnail image results. Several Google Help Forum members are reporting similar cases of hijacked Google Image search results. Google Help Forum member "HighTechGeek (http://www.google.com/support/forum/p/Web%20Search/thread?tid=510730e6a874e5ba&hl=en)" mentions how Google Images has become the #1 vector for infecting 100s of his client's computers. We don't deny this one bit because we have also been exposed to various malware infections through hacked sites on poisoned Google search queries.

Google has an automated bot, called the Googlebot, which seeks out content over the Internet and caches that content for users who perform search queries. Analysis posted on the site ebusiness.lk (http://www.ebusiness.lk/spam-and-hacking/vulnerabilities-at-images-google-com-thumbs-redirecting-to-other-sites) explains that hackers are cloaking sites through .htaccess SE bot directives. This means that they are feeding the Googlebot content that is viewed as legitimate so it will appear on image search queries. Through manipulative SEO (Search Engine Optimization) techniques, hackers are able to appropriate image search results in a way that the thumbnail of some images may redirect users to one of their hacked sites. Where the redirection (to a malicious site) takes place is through a JS (JavaScript) function thus redirecting the user on-the-fly. Google bans sites from search results that may contain unsuitable material such as porn or malware. But as we stated, the content is viewed as being legitimate by Google until someone physically reports the issue. Webmasters who may encounter a hijacked Google image search result may report it via the Google Webmaster Tools.

As you may already know, whatever is 'popular' gets the most online searches, and; therefore, hackers take advantage of that attention by poisoning search results for popular news stories, current events, and celebrity images on well-known social networks and search engines. This tactic is just one of many tricks these hackers have up their sleeves.

The recent discovery of poisoned Google images search results leading to the installation of a rogue anti-spyware program has, unfortunately, become a common practice for these cybercrooks. This is why we always strongly stress the importance of running an updated anti-virus or anti-spyware program that actively stops this type of malware. The last thing you need is your computer to crash after a session of viewing half-dressed photos of Jwoww. Hope she is worth it!