New trends, old tricks: Google Nexus One

The fact that fraudsters take advantage of the latest on-line trends is by no means new. But this case is particularly significant.

Google has recently launched Nexus One, a phone created by Google itself that’s sold exclusively through their own website. For the moment, the device can only be purchased in certain countries. If we try to access the website from Spain, this is what we’ll find:

But if we’re not happy with this answer and we’re determined to find alternative ways to get the phone, it might occur to us to google buy nexus one.

The surprise comes when, in a splendid and easily clickable 5th position, we come across a link that takes us to this:

After analyzing this binary with Virustotal, we’ll learn that it was uploaded for the first time on 12 January 2010, two hours before drafting the first Spanish version of this article. Also, only 8 out of 41 anti-virus engines could detect it as a Trojan/suspicious file.

This should make us reflect on the real power of the infrastructure used in on-line fraud, which is perfectly able to put a fraudulent website in the 5th position of Google – by far the most popular search engine – and on top of that, lure victims with a smartphone manufactured by Google itself.

The link ranks even higher than the official Nexus One website in that search.

Update 13 January 2010, 4:49 p.m.

At this very moment, the first four entries that appear after searching “buy nexus one” in Google are also links to copies of the same fraudulent website mentioned above.

Jose Alemán
S21sec labs

Deja un comentario