Feeds

Google Doodle poisoned by scareware slingers

How do you say ne'er do wells in Esperanto?

SANS - Survey on application security programs

Scareware slingers have begun hiding links to rogue anti-virus sites behind Google Doodle.

The development leaves surfers who click on Google's picture of the day at risk of being exposed to sites that run fake security scans, before strong-arming users into buying worthless software in order to clean-up non-existent security risks

Scammers have been manipulating the search engine ranking of terms in the news to promote scamware portals for months. In the latest twist to this wheeze, fraudsters poisoned the sites offered up to surfers who clicked on Google's front-page Doodle sketch, dedicated to the 150th anniversary of birth of the creator of the Esperanto language, L. L. Zamenhof, on Tuesday.

The latest variant to previous black hat search engine optimisation techniques resulted in links to hacked pages on legitimate websites, including a hair Salon in New Jersey and a science fiction site. Users visiting these sites via Google (and only via Google) are redirected towards scareware scam portals.

Tainted results appeared among the top five to 10 search results for people who clicked on the Google doodle link on Tuesday, according to security researchers at Barracuda Networks. "Poisoning as a trend is nothing new, but in this particular case, it's a search where you actually click on Google's logo and you get results back from sites where half of the links have been compromised," Dave Michmerhuizen, a research scientist at Barracuda Networks, told MacWorld.

Google, which stated other search engines are also targeted by black hat search engine optimisation techniques, said most of the tainted links were quickly removed from its index. Google uses a combination of continuously-refined automated and manual processes to clean-up its index, a spokesman for the search engine giant added.

Google and security researchers are in a continuous battle against distributors of rogue anti-virus scanners, one of the most prevalent information security threats contaminating the internet at present. FBI estimates out this week suggest that the scareware market brought in $150m in illicit income over an unspecified period.

An FBI Internet Crime Complaint Centre (IC3) advisory on the scareware menace can be found here. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.