XP Antivirus 2008 now with sploits, Google Adwords affected

I’ve blogged before about the problem of Google Adwords pushing XP Antivirus 2008.

The situation is still ongoing.

However, it’s taken a turn for the worse, as these XP Antivirus pages are pushing exploits to install malware on the user’s system.

This will also affect the many syndicators of Google Adwords.

[Screenshots: "Google results bestav2009"; "Download com google ad"; "Bestav2009 with sploit"; "Page with scode"]

URLs involved in this particular event:

bestantivirus2009 com

iframe with exploits: huytegygle com/index.php

There are a variety of exploits being used, including setslice and an AOL IM exploit. Unusually, an exploit framework is not being used. Fully patched systems will not be affected by these exploits.

The exploit attempts to install the following malicious file: huytegygle com/bin/ file.exe.

(Obviously, don’t visit these URLs unless you know what you’re doing, or you could be an unhappy camper.)