Feeds

MS security centre search poisoned with infectious smut

Chapeau-noir SEOs seed results with seediness

Secure remote control for conventional and virtual desktops

Microsoft has disabled the search results on its Security Centre after malware-spreaders abused the function to promote shady pornographic websites serving Trojans as well as cheap thrills.

Only the Security Section of Microsoft's website was affected by the search-engine poisoning attack. Such attacks are often used to place scareware portals and the like high in the index of searches for terms in the news, such as royal weddings, celebrity deaths and natural disasters.

In the case of the Microsoft security search results, only searches for a limited range of terms return links to dodgy sites. These search terms include "porn" or "streaming" (a much more plausible search term for someone visiting the centre and presumably looking for security-related information rather than cheap thrills). Many of these sites are serving up malware as well as smut, net security firm GFI Software warns.

"Since only specific terms are used, if you search using a different term, say 'united nations', you'll get real, normal results," explains Alex Eckelberry of GFI Software.

"In other words, blackhat SEOs are seeding illegitimate search results within the Microsoft search results. Pretty tricky and impressive. There are a number of ways this could be done (for example, using the ability on the site to Twitter a search result)."

In an update, Eckelberry added that Microsoft has temporarily disabled the search feature on its Security Centre, presumably while it cleans out its search index. ®

Remote control for virtualized desktops

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.