Feeds

Miscreants subvert search results to punt malware

Using botnets to plant links and nurture zombie farms

Protecting against web application threats using SSL

Miscreants have set out to poison search results with links to malware infested sites via a new campaign.

Users searching Google or other prominent search engines for sites referring to innocuous terms ranging from "alternative router firmware" to "cotton gin and slavery" are often confronted with a list of results where at least some point to malware.

Comment spam attacks, which involve posting links to dodgy sites on blogs, have been taking place for at least three years. Search engines such as Google give priority to sites linked to from popular web destinations. Spammers and their hacking accomplices try to take advantage of this behaviour in order to illicitly gain higher places in search page rankings.

Crackers are now getting into the act in order to punt malware. The malign sites often appear in the top ten lists for a particular search term though rarely (if ever) as a top entry. Miscreants are essentially gaming search engines' ranking systems by automatically posting links to malign sites in blog and forum posts.

It's another example of bots being used to further an attempt to create further opportunities to ensnare the unwary, thereby creating a bigger network of compromised machines.

Anti-spyware firm Sunbelt Software said hackers have also created "tens of thousands of individual pages" that have been meticulously established with the goal of obtaining a high search engine ranking. "Just about any search term you can think of can be found in these pages," reports Sunbelt researcher Adam Thomas.

Sunbelt has unearthed evidence of a network of bots whose sole purpose is to post spam links and relevant keywords into online forms. This network, combined with thousands of pages, have given the attackers very good (if not top) search engine positions for various search terms, the security firm reports.

Surfers who stray onto the malicious sites with vulnerable systems are infected with a strain of malware called Scam-Iwin, using the infamous iFrame IE exploit. The exploit was patched by Microsoft months ago, but many vulnerable systems remain.

Computers infected with Scam-Iwin transmit false clicks to the hacker's URLs without the user's knowledge. These bogus hits generate income for hackers through a pay-per-click affiliate program. Scam-Iwin also attempts to download other items of malware (including Trojans and keystroke loggers) onto compromised PCs, Sunbelt reports.

Sunbelt has posted screenshots of several Google search results featuring links to malware-infecting sites, along with an additional explanation of the attack, here. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.