Scareware sellers poison 'iPhone MMS' search results

28.09.2009

This campaign, however, was clearly timed to coincide with AT&T's launch of MMS for the iPhone. "People want to know how to use [MMS], how to send multiple pictures at the same time, things like that," said Chenette.

Attackers poison search results by creating massive numbers of useless Web sites on the bots they control, or by using previously hijacked sites. Those sites are all packed with credible content (news and headlines, in many cases) that has been copied from legitimate sites. All such sites point to a single "landing page" URL, which in turn sends users to a number of different, and often shifting, servers hosting malware, in this case Windows scareware.

When the search engines' spiders crawl the Internet and index the fake and real sites that carry the landing page URL, their algorithms are essentially tricked into pushing it to the top of any search result for the key phrases in the stolen content.

"The botnets give them much more power this way than if, say, they were just using them for spam," he added.

The only defense is to be wary of what's clicked in a search result.
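The link pattern described above, many hosts carrying copied content that all point at one landing page, can be looked for in crawl data. The following is an added example, not code from the article or from anyone quoted in it; the page records, host names, sample text and both thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

def shingles(text, k=4):
    """Set of k-word windows, used to compare page text."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    return {" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def copied_fraction(page_text, original_text):
    """Share of the page's shingles that also occur in the original."""
    page = shingles(page_text)
    return len(page & shingles(original_text)) / len(page)

def find_poisoned_targets(pages, originals, min_hosts=3, copy_threshold=0.6):
    """Map each link target to the hosts that link to it from copied content.

    min_hosts and copy_threshold are assumed tuning values, not from the article.
    """
    hosts_by_target = defaultdict(set)
    for page in pages:
        host = urlparse(page["url"]).hostname
        if not any(copied_fraction(page["text"], o) >= copy_threshold for o in originals):
            continue  # page text is not lifted from a known original
        for link in page["links"]:
            if urlparse(link).hostname != host:  # ignore internal navigation
                hosts_by_target[link].add(host)
    return {t: sorted(h) for t, h in hosts_by_target.items() if len(h) >= min_hosts}

# Constructed sample data: every host, URL and text below is made up.
ARTICLE = ("AT&T launches MMS for the iPhone today and users want to know "
           "how to send multiple pictures at the same time")
LANDING = "http://landing.example/go"
PAGES = [
    {"url": "http://news.example/mms", "text": ARTICLE,
     "links": ["http://carrier.example/mms"]},
    {"url": "http://blog-a.example/p1", "text": ARTICLE + " see the full guide here",
     "links": [LANDING]},
    {"url": "http://blog-b.example/p7", "text": ARTICLE + " read more tips inside",
     "links": [LANDING]},
    {"url": "http://blog-c.example/x", "text": ARTICLE + " free download and tutorial",
     "links": [LANDING]},
    {"url": "http://forum.example/t/9",
     "text": "Does anyone know whether picture messaging works on older handsets",
     "links": [LANDING, "http://carrier.example/mms"]},
]

if __name__ == "__main__":
    for target, hosts in find_poisoned_targets(PAGES, [ARTICLE]).items():
        print(target, "<-", ", ".join(hosts))
```

Only the landing URL is reported: the forum page links to it too, but its text is original, and the legitimate news page's outbound link has a single referring host.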