McAfee SiteAdvisor Blog

Hey, you know what would be fun? Taking the kids to one of those renaissance fairs. We'll be able to walk around outside, and the kids will enjoy the candy apples and costumes. They might even learn something. I think it's next weekend-- it's called King Richard's Park, right?

Uh oh.

There are numerous renaissance festivals named after King Richard, most of which are good family fun. But one fairground, King Richard' s Park.com, isn't exactly worth a trip. Instead, it's a site that behaves in a most unchivalrous fashion: when we visited, it installed a toolbar on our system without even asking for permission.

The page you were really looking for: legitimate site kingrichardspark.NET.

Rogue toolbars can do just about anything (see this Ars Technica article on malware for background and some examples) but in this case, it's serving up unrequested, unwanted advertising as part of the notorious CoolWebSearch system.

But to be honest, we don't even have to know what it does to know that it's up to no good. If you found an intruder in your living room at three in the morning, you'd know something was wrong. If they had any business being in your home, they would have knocked.

King Richard's Park is a great example of a site that uses two tricks at once. It attracts visitors by using a URL and keywords which are confusingly similar to legitimate pages, and then uses a broswer exploit to install software without permission.

Who suffers? The consumer who makes the typing mistake and the legitimate business that lost a potential customer. In this case, most visitors are probably looking for King Richard's Family Fun Park, or a renaissance festival like the one described at kingrichardsfaire.net. If you're looking for 16th-century-themed fairs and events in your area, try the list at renaissancefestival.com.

Note: as of press time, the exploit seems to have been removed from the website, but it remains a misleading URL.