1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Google search results delivering massive malware attacks

Discussion in 'Google' started by samantha pia, Nov 28, 2007.

  1. #1
    For the last two days, security software firm Sunbelt Software has been all over what could develop into a scary trend: Rigged Google search results that deliver big malware payloads.

    source http://blogs.zdnet.com/security/?p=688&tag=nl.e622

    On Monday, Sunbelt reported “we’re seeing a large amount of seeded search results which lead to malware sites.” The search terms leading you to these malware payloads were pretty basic fare.

    This screenshot courtesy of Sunbelt shows an example of the malware sites (Sunbelt’s post has a bunch of other examples).

    [​IMG]

    On Tuesday, Sunbelt researcher Adam Thomas followed up with another post. Thomas wrote:

    Sunbelt Software has uncovered tens of thousands of individual pages that have been meticulously created with the goal of obtaining high search engine ranking. Just about any search term you can think of can be found in these pages.

    Simply put, damn near any Google search term–even terms like “hospice”– can take you to one of these malware sites. Computerworld quotes Sunbelt Software CEO Alex Eckelberry as saying “this is huge.” I’m inclined to agree, especially considering Eckelberry’s inventory: “27 different domains, each with up to 1,499 [malicious] pages. That’s 40,000 possible pages.”

    Thomas continues:

    For months now, our Research Team has monitored a network of bots whose sole purpose is to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums). This network, combined with thousands of pages such as the two seen above, have given the attackers very good (if not top) search engine position for various search terms.

    In our previous post, we mentioned that the malicious pages also contained an IFRAME link which would attempt to exploit vulnerable systems. If you were unlucky enough to run across one of these links while surfing with a vulnerable system, you would become infected with a family of malware that we call Scam.Iwin. With Scam.Iwin, the victim’s computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker’s URLs without the user’s knowledge. The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the internet.

    Google has been notified and hopefully its fancy algorithm can nuke these bogus sites pronto.
     
    samantha pia, Nov 28, 2007 IP
  2. alex_d1

    alex_d1 Well-Known Member

    Messages:
    1,517
    Likes Received:
    59
    Best Answers:
    0
    Trophy Points:
    120
    #2
    With sites such as these, I would guess that Google should start deleting them manually from their index, rather than waiting for the next index.

    Its pretty worrying when pages who se sole purpose is to deliver malware start achieving such high positions on Google. From the image posted above, all the dodgy sites look to be .cn, so that's a good enough reason for me neither to click on a weird looking url with that extension.
     
    alex_d1, Nov 28, 2007 IP
  3. mizaks

    mizaks Well-Known Member

    Messages:
    2,067
    Likes Received:
    126
    Best Answers:
    0
    Trophy Points:
    135
    #3
    All fom China . . . I generally don't visit many links from Russia or China
     
    mizaks, Nov 28, 2007 IP