Rogues Mug Big Bird on his Birthday

By Andrew Brandt

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

20091104_picapp_BB_cropIn a move sure to raise the ire of Sesame Street fans everywhere, the black hat SEO gangs that have been manipulating Google results for the better part of the year have seized on a new target from which they’ve launched their current salvo of rogue antivirus guano. That’s right, the lovable, giant jaundiced avian friend to child and adult alike is being used to hijack searches and rope unsuspecting users into a vortex of popups and fake scans.

They have besmirched Big Bird. And on his birthday, of all days. Have the rogue AV purveyors no shame?

20091104_BB_volcanic_cropActually, they’ve just once again demonstrated that they, too, can take advantage of Google Trends, which rates the ‘hotness’ of searches for “Big Bird’s Birthday” today as “Volcanic.” It’s not surprising, really. Big Bird’s legs replaced the “L” in the Google logo this morning (in honor of the 40th anniversary of the popular character’s first Sesame Street appearance). So of course, people are clicking away at those feathered gams, trying to find out why they’re there.

The fake alerts touting the equally fake Internet Antivirus Pro warns users, through a series of browser popup alerts, that (like a fine strip of beef destined for the jerky factory) “your computer…need to be cured as soon as possible.”

The same advice we’ve given in the past prevails. Parents, also take note that you shouldn’t necessarily click — or let your kid(s) click — any old link that purports to lead to something child-friendly. The first link we saw appeared as the seventh search result on the first page of Google results. Many more appeared lower down. The text beneath the malicious result link read, in part, “Make your child s big day extra special with a personalized birthday banner!”

The dialog boxes that IE spawned were unintentionally hilarious, but that didn’t make me any less angry about this abuse of a beloved childhood memory. The first dialog warned that the lack of a “privacy protection system…may lead to irretrievable results.” Whatever that means.


The next popup helpfully reassured me that the rogue installer “has been digitally signed and independently certified as 100% free of viruses, adware and spyware.” Besides the fact that this simply isn’t true, doesn’t everyone know that digital signatures are foolproof, guaranteed, dependable mechanisms to assure users of…wait, what do they do again, exactly?


Follow that up with a little fake plug, purportedly from Microsoft, of the product from their “official partner” Internet Antivirus Pro. Never mind the fact that Microsoft isn’t actually their partner, and is trying to find these guys.


Next, the browser opens full-screen and displays an image that looks, to the untrained eye, like some sort of Windows Explorer pane which includes AV results. It also helpfully displays a “scan result summary” which, in an act of unfiltered, juicy-bits-of-pulp irony, calls its ‘discovery‘ “Virus.Win32.Faker


Finally, if you don’t act immediately, the page spawns yet another dialog box, this time warning you (in language so urgent it forgot whether “viruses” is the singular or plural form of that noun) that “your computer remains infected by viruses! It can cause data loss and file damages and need to be cured as soon as possible.”


It’s worth noting that, until the user downloads and installs the Internet Antivirus Pro application, you aren’t infected with anything. Nothing, nada, zilch. It’s all just irritating smoke and very persistent mirrors.

Disgusting? Yes. Surprising? Hardly. Hooking your scumbag wares to celebrity deaths, peephole videos, and high profile arrests is one thing. But as far as I’m concerned, a line has been crossed. Yes, the dark back-alleys of the Internet are pretty far afield from Sesame Street. But nobody messes with the Bird.

wordpress blog stats

One thought on “Rogues Mug Big Bird on his Birthday

  1. Pingback: Play it Safe on Safer Internet Day « Webroot Threat Blog

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s