Office.Microsoft.com Poisoned Search Results Leads Users to Rogue Anti-Virus

If there ever was a time that you could trust search engine results, then that day is long gone because every time you perform an internet search using a reputable search engine you face a risk of infecting your system with malware through poisoned search results.

Websense Security Labs has discovered that search results on office.microsoft.com were laced with malicious links that could install rogue anti-virus applications. Computer users, who may have been seeking to find a help with a Microsoft Office product, may be unaware that not only does the office.microsoft.com's search engine pull results off of Microsoft's site but also results from the Web. This gives cybercrooks an open door to target unsuspecting users to rogue anti-virus installations.

In the case of office.microsoft.com, it was found that a faux virus-scan page was presented to download and install a rogue anti-virus program (SHA1: 6489c54e30af18801a9e83a5855fa639f3bae0b8) through an executable file named Setup55530_2045-10.exe.

Below is a video created by Security Labs demonstrating how office.microsoft.com search for "delete a meeting without uninviting invitees" unintentionally leads computer users to a page that essentially spreads a rogue anti-virus application.

The senior security program manager lead at Microsoft sent an updated message shown below in response to this discovery.

"Microsoft is aware that some search results on the www.office.microsoft.com Web site redirected people to a malicious site offering fake antivirus software. The redirection to this malicious site was produced after a third party tutorial offered on the site was compromised. The redirection no longer works and Office search results for the affected third-party tutorial have been removed.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at: www.microsoft.com/protect."

The fact remains today as it did over a year ago, cybercrooks are steadily finding new ways to populate search results on popular search engines with links that can lead users to malicious sites designed to either steal personal information from you or install malware onto the computer.

Have you taken the steps to protect yourself from malware in the case that you encounter a rogue anti-virus application after clicking on a search engine result laced with malware? Did anything like this every happen to you in the past? Share your story with us by posting a comment below.