Skip to Content

A Royal Wedding Scam

Searches for images of the happy couple may lead to viruses, thanks to hackers who increasingly harness popular search terms.
April 29, 2011

Updated 18:50 EST with comment from Google.

The royal wedding came off without a hitch. Unfortunately, the same can’t be said about online searches for news and images related to the event. Google Image searches for “royal wedding coverage” yesterday—which Google said was the number one U.S. search term for a time—led users to a number of websites doling out malicious software.  

At one point, clicking one of the images under “royal wedding coverage” led users to a common scam—bogus warnings of a computer infection. The embedded video, produced by researchers at StopBadware, shows how a common search could trick  users into “purchasing” what is really a nonexistent security solution—and a related blog post provides a detailed analysis of how it all worked.

This particular scam has defied all industry efforts to defeat it in the past several years. While its main aim is to steal money and credit card numbers (the scammers, many of whom are based in Eastern Europe, have found it very profitable), it is often accompanied by less visible attacks that aim to do things like install password-stealing programs via security holes in the user’s computer.

When I clicked the image identified by the group—of Princess Diana—the security scam vomited across my screen, defying not only Google but the up-to-date ESET antivirus protection on Technology Review’s computers. (Indeed, StopBadware’s analysis today found that most security products could not detect this attack.)

This scam program surfaces in many contexts, including links spreading on social-networking sites and through advertisements. In these cases it is hosted on malicious websites (or hacked pages of legitimate websites) that users land on through the “poisoned” search results. Malware scammers often hack into legitimate websites and add a page full of “bait”—lists of terms that people might be searching for. Then they link that hacked page with hundreds or thousands of other hacked pages—or with new pages of their own creation. This strategy can sometimes fool search engines.

Have you been hit by this ubiquitous scam?  If so, please add to the comment string and briefly explain what happened. I may get in touch with you to find out more.

Google responded to a question about the royal search incident with this statement:  “Google can respond quickly to new threats like these because utilizing popular search terms and events to lure users into visiting malicious web pages is not new. We’ve looked at these issues closely and work hard to protect our users from malware. We actively work to detect and flag sites that serve malware, keeping on top of the latest trends and watching for popular search terms. To do this, we have manual and automated processes in place to enforce our policies. We’re always exploring new ways to identify and eliminate malicious sites from our index.”

Keep Reading

Most Popular

Geoffrey Hinton tells us why he’s now scared of the tech he helped build

“I have suddenly switched my views on whether these things are going to be more intelligent than us.”

ChatGPT is going to change education, not destroy it

The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.

Meet the people who use Notion to plan their whole lives

The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.

Learning to code isn’t enough

Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.