Feeds

Miscreants subvert search results to punt malware

Using botnets to plant links and nurture zombie farms

Choosing a cloud hosting partner with confidence

Miscreants have set out to poison search results with links to malware infested sites via a new campaign.

Users searching Google or other prominent search engines for sites referring to innocuous terms ranging from "alternative router firmware" to "cotton gin and slavery" are often confronted with a list of results where at least some point to malware.

Comment spam attacks, which involve posting links to dodgy sites on blogs, have been taking place for at least three years. Search engines such as Google give priority to sites linked to from popular web destinations. Spammers and their hacking accomplices try to take advantage of this behaviour in order to illicitly gain higher places in search page rankings.

Crackers are now getting into the act in order to punt malware. The malign sites often appear in the top ten lists for a particular search term though rarely (if ever) as a top entry. Miscreants are essentially gaming search engines' ranking systems by automatically posting links to malign sites in blog and forum posts.

It's another example of bots being used to further an attempt to create further opportunities to ensnare the unwary, thereby creating a bigger network of compromised machines.

Anti-spyware firm Sunbelt Software said hackers have also created "tens of thousands of individual pages" that have been meticulously established with the goal of obtaining a high search engine ranking. "Just about any search term you can think of can be found in these pages," reports Sunbelt researcher Adam Thomas.

Sunbelt has unearthed evidence of a network of bots whose sole purpose is to post spam links and relevant keywords into online forms. This network, combined with thousands of pages, have given the attackers very good (if not top) search engine positions for various search terms, the security firm reports.

Surfers who stray onto the malicious sites with vulnerable systems are infected with a strain of malware called Scam-Iwin, using the infamous iFrame IE exploit. The exploit was patched by Microsoft months ago, but many vulnerable systems remain.

Computers infected with Scam-Iwin transmit false clicks to the hacker's URLs without the user's knowledge. These bogus hits generate income for hackers through a pay-per-click affiliate program. Scam-Iwin also attempts to download other items of malware (including Trojans and keystroke loggers) onto compromised PCs, Sunbelt reports.

Sunbelt has posted screenshots of several Google search results featuring links to malware-infecting sites, along with an additional explanation of the attack, here. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.