Feeds

Google Doodle poisoned by scareware slingers

How do you say ne'er do wells in Esperanto?

Website security in corporate America

Scareware slingers have begun hiding links to rogue anti-virus sites behind Google Doodle.

The development leaves surfers who click on Google's picture of the day at risk of being exposed to sites that run fake security scans, before strong-arming users into buying worthless software in order to clean-up non-existent security risks

Scammers have been manipulating the search engine ranking of terms in the news to promote scamware portals for months. In the latest twist to this wheeze, fraudsters poisoned the sites offered up to surfers who clicked on Google's front-page Doodle sketch, dedicated to the 150th anniversary of birth of the creator of the Esperanto language, L. L. Zamenhof, on Tuesday.

The latest variant to previous black hat search engine optimisation techniques resulted in links to hacked pages on legitimate websites, including a hair Salon in New Jersey and a science fiction site. Users visiting these sites via Google (and only via Google) are redirected towards scareware scam portals.

Tainted results appeared among the top five to 10 search results for people who clicked on the Google doodle link on Tuesday, according to security researchers at Barracuda Networks. "Poisoning as a trend is nothing new, but in this particular case, it's a search where you actually click on Google's logo and you get results back from sites where half of the links have been compromised," Dave Michmerhuizen, a research scientist at Barracuda Networks, told MacWorld.

Google, which stated other search engines are also targeted by black hat search engine optimisation techniques, said most of the tainted links were quickly removed from its index. Google uses a combination of continuously-refined automated and manual processes to clean-up its index, a spokesman for the search engine giant added.

Google and security researchers are in a continuous battle against distributors of rogue anti-virus scanners, one of the most prevalent information security threats contaminating the internet at present. FBI estimates out this week suggest that the scareware market brought in $150m in illicit income over an unspecified period.

An FBI Internet Crime Complaint Centre (IC3) advisory on the scareware menace can be found here. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.