A Technibble subscriber and fellow computer technician, Patrick Croteau of www.logic1.com, sent us an interesting tip today. One of his clients was infected with a typical rogue antivirus, which he went out and cleaned up. However, they managed to reinfect themselves later that day, and upon checking their internet history he found this:
When you search for “dancing with the stars 2010 lineup” on Google, which is a fairly innocent query and probably searched for a lot, the top result is a hacked site with malware hosted on it.
When you visit it, you’ll see your typical “You have 100 viruses” scareware.
Once installed, the malware product appears to be the rogue antivirus “CleanUp Antivirus”.
As Patrick said, “I’ll bet it’s making them a fortune”. Such an innocent query with a malicious site as the top result. If you ever do encounter this infection, BleepingComputer.com have removal instructions for CleanUp Antivirus.




Wrong, but I must admit this is funny. If only the same people who make this crap could put their time towards useful efforts.
If you ever find a bad website, you should report it to http://badwarebusters.org/community/submit
Jenn
Yeah, this is funny. I mean, who is searching for dancing with the stars anyway? I believe it, though; if it is a highly rated search term, then it is an easy way to infect a lot of computers.
Derrick
Interesting thing about this little bugger is how it gets on the computer. I had a formatted machine in the front of my shop, clean format, just plugged it into the internet to activate Windows and do updates from the Microsoft website. Before I was even done choosing my option (custom), this program was up and running on a freshly formatted machine still missing some drivers and with no programs but the basic Windows install. I wonder if it doesn’t propagate itself through a backdoor/known vulnerability. I have had customers coming in all day with the same program; it’s a quick 5-10min fix but still a bugger to be doing all day.
Rogues are so common now. It’s too bad most antivirus still aren’t great at catching them. At least they’re usually easy enough to remove.
I think the only way to be safe is to remove Dancing with the Stars from the TV schedule. Then everyone is saved. :)
It is amazing how people will just click on anything when they are out and about out there.
This is one more reason why we recommend WOT (Web of Trust) to our customers. Not that WOT stops everything, but it is one more good layer of protection to add with crap like this.