Scareware sellers fool Google with file switch
Replacing PDFs with dodgy Flash files
Cybercrooks have developed a new technique for manipulating search engine results in order to promote the crud they sell, such as scareware packages.
Hackers first place benign PDF files on web pages they are seeking to promote, before replacing these documents with booby-trapped Flash files once a new site has been indexed.
The ruse, which featured in a recent attack themed around ice hockey players and the Winter Olympics, is illustrated in a blog post by Finnish security firm F-Secure. ®
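A defender-side check for the file switch described above, as an added example that is not from the article or from F-Secure: it classifies each re-fetched body by its leading bytes rather than by its URL extension, flags URLs whose content no longer matches what was recorded at index time, and also compares what different clients receive for the same URL. The URLs, client labels and byte strings are constructed samples, and `sniff_type` and `audit` are hypothetical helper names.

```python
import hashlib

SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib and LZMA Flash headers

def sniff_type(body: bytes) -> str:
    """Classify a response body by content, ignoring extension and headers."""
    if body[:3] in SWF_MAGICS:
        return "swf"
    if b"%PDF-" in body[:1024]:  # readers accept the header within the first 1024 bytes
        return "pdf"
    return "other"

def audit(indexed, observations):
    """indexed: {url: type recorded when the page was indexed}.
    observations: (url, client_label, body) tuples from re-fetching each URL.
    Returns a sorted list of (url, finding) tuples."""
    findings, digests = set(), {}
    for url, client, body in observations:
        seen, expected = sniff_type(body), indexed.get(url)
        if expected and seen != expected:
            findings.add((url, f"indexed as {expected}, now serves {seen} to {client}"))
        digests.setdefault(url, {})[client] = hashlib.sha256(body).hexdigest()
    for url, by_client in digests.items():
        if len(set(by_client.values())) > 1:  # same URL, different bytes per client
            findings.add((url, "content differs by client"))
    return sorted(findings)

# Constructed sample data (not taken from the attack described in the article).
PDF = b"%PDF-1.4\n% constructed sample\n"
SWF = b"CWS\x0a" + b"\x00" * 16
INDEXED = {"http://example.test/roster.pdf": "pdf",
           "http://example.test/news.pdf": "pdf"}
OBSERVATIONS = [
    ("http://example.test/roster.pdf", "crawler-ua", SWF),   # switched after indexing
    ("http://example.test/roster.pdf", "browser-ua", SWF),
    ("http://example.test/news.pdf", "crawler-ua", PDF),     # crawler still gets the PDF
    ("http://example.test/news.pdf", "browser-ua", b"<html>login required</html>"),
]

if __name__ == "__main__":
    for url, finding in audit(INDEXED, OBSERVATIONS):
        print(url, "->", finding)
```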
"but I've sometimes wondered what's to stop somebody from simply serving a different file when Google asks for it than what rest of us get."
This is done plenty of times. There is lots of content on news websites that is indexed by Google and requires you to "login" or "purchase" to view.
Change your user-agent to Googlebot and you see a different world.
Differing behaviour for search engines...
"what's to stop somebody from simply serving a different file when Google asks for it than what rest of us get"
I do this on my b.log. If you do not supply a specific date to read, it will show the last entry. Obviously this is liable to change, so I don't want search engines to record this entry. Therefore, upon detection of a search engine, it puts out a generic message (but the date links all work for correct indexing).
@ kevin mcmurtie
How does it determine who the sys admins are?
Most hosting companies that are plagued with malware allow it, so I don't see why they would go to this bother to set up a proxy on the off chance the admin uses the same box IP every time??
How does it determine between sys admin and everyone else :S