Skip to Content

A Royal Wedding Scam

Searches for images of the happy couple may lead to viruses, thanks to hackers who increasingly harness popular search terms.
April 29, 2011

Updated 18:50 EST with comment from Google.

The royal wedding came off without a hitch. Unfortunately, the same can’t be said about online searches for news and images related to the event. Google Image searches for “royal wedding coverage” yesterday—which Google said was the number one U.S. search term for a time—led users to a number of websites doling out malicious software.  

At one point, clicking one of the images under “royal wedding coverage” led users to a common scam—bogus warnings of a computer infection. The embedded video, produced by researchers at StopBadware, shows how a common search could trick  users into “purchasing” what is really a nonexistent security solution—and a related blog post provides a detailed analysis of how it all worked.

This particular scam has defied all industry efforts to defeat it in the past several years. While its main aim is to steal money and credit card numbers (the scammers, many of whom are based in Eastern Europe, have found it very profitable), it is often accompanied by less visible attacks that aim to do things like install password-stealing programs via security holes in the user’s computer.

When I clicked the image identified by the group—of Princess Diana—the security scam vomited across my screen, defying not only Google but the up-to-date ESET antivirus protection on Technology Review’s computers. (Indeed, StopBadware’s analysis today found that most security products could not detect this attack.)

This scam program surfaces in many contexts, including links spreading on social-networking sites and through advertisements. In these cases it is hosted on malicious websites (or hacked pages of legitimate websites) that users land on through the “poisoned” search results. Malware scammers often hack into legitimate websites and add a page full of “bait”—lists of terms that people might be searching for. Then they link that hacked page with hundreds or thousands of other hacked pages—or with new pages of their own creation. This strategy can sometimes fool search engines.

Have you been hit by this ubiquitous scam?  If so, please add to the comment string and briefly explain what happened. I may get in touch with you to find out more.

Google responded to a question about the royal search incident with this statement:  “Google can respond quickly to new threats like these because utilizing popular search terms and events to lure users into visiting malicious web pages is not new. We’ve looked at these issues closely and work hard to protect our users from malware. We actively work to detect and flag sites that serve malware, keeping on top of the latest trends and watching for popular search terms. To do this, we have manual and automated processes in place to enforce our policies. We’re always exploring new ways to identify and eliminate malicious sites from our index.”

Keep Reading

Most Popular

This new data poisoning tool lets artists fight back against generative AI

The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models. 

The Biggest Questions: What is death?

New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.

Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist

An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.

How to fix the internet

If we want online discourse to improve, we need to move beyond the big platforms.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.