June 14, 2016
Search Results Look Weird? You Might Be Infected
Have you been noticing “strange” search results when you’re surfing the web? Have your search results been taking longer than usual to appear? You may have been infected by a new, very clever bit of malware known as Redirector.Paco.
There are actually two flavors of this malicious software, the key differences between them is that one version sets up a proxy server on your local machine to serve the phony search results, while the other routes your search inquiry through a server that the hackers control, elsewhere on the ‘net.
In both cases, what you get are search results generated by the hackers’ custom search engine. They do this because they’re spring boarding off of Google’s Adsense For Search, which is used by legitimate website owners, worldwide. If you’ve ever used the search bar on any website you’ve visited, you’ve seen Adsense for Search. The site owner makes money when you click on the search results generated by the search bar on their site.
In this case, the hackers have co-opted that process and display their search results, so every time you think you’re doing a search on Google, Yahoo, or Bing, they are making money with each link you click on the search results page. Unfortunately, the malware is notoriously well-designed, spoofing certificates such that once it’s installed, your computer has no idea that anything is amiss.
To date, the malware has infected nearly a million computers worldwide by hiding in modified versions of installers for popular programs like YouTube Downloader, WinRAR, KMSPico, and Stardock’s Start8.
Depending on which version is installed on your machine, you may notice that your search results take significantly longer than they used to, in order to display. If that’s the case, pay close attention to your browser’s status bar. You may see something like, “downloading proxy script,” or “waiting for proxy tunnel.” If so, then you’ve been infected.
So far, there aren’t many antivirus programs or anti-malware suites that can remove this for you, but rest assured that updates are coming, now that this latest threat has been identified. If you’d rather not wait, and want to take action now, give one of our knowledgeable team members a call. We can inspect the machines on your network and determine whether or not you’ve been impacted.
Categories: