According to eWeek, Google has revealed that fake antivirus and other malware programs spread by abusing search engine optimization (SEO) techniques.

At the Usenix workshop on large-scale exploits and emergent threats, Google said that fake antivirus programs accounted for 15 percent of all malware threats that it detects on the web. As of February 2010, it found that more that 11,000 domains were involved in fake antivirus operations.

In the past year, the practice has trended upwards. In January 2009, 93 unique domains were involved with fake antivirus operations, while in January 2010, Google found 587 domains involved with it.

"More recent fake AV sites have evolved to use complex JavaScript to mimic the look and feel of the Windows user interface. In some cases, the fake AV detects even the operating system version running on the target machine and adjusts its interface to match," said Google’s white paper.

The malware distributors spread the programs by using search engine optimization (SEO) techniques, such as link farming, keyword stuffing, and abusing search algorithms.

Google’s research echoes findings from a study conducted by ZScaler earlier this year. ZScaler also found similar problems with other popular search engines, like Yahoo and Bing.