Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Video of tennis star Serena Williams imploding Saturday in the U.S. Open women's semifinals is just the latest search term to be poisoned by attackers wanting to infect users with rogue anti-virus software, researchers said Monday.Cybercriminals are attempting serve up malware when users search for such terms as "Serena Williams Outburst," according to Symantec. At least one of the sites being used to distribute malware was hacked to redirect users to a separate site that falsely warns users that their PCs are infected. Victims then are offered another download, which claims to fix the problem, but is actually a "scareware" trojan. Craig Schmugar, senior threat researcher at McAfee, said search engine compromise is a common theme, as attackers have gotten more skilled at quickly creating domains that leverage popular terms, while Google has gotten faster at indexing pages.The malware writers tap into Google Trends, which lists the day's 100 most popular search terms, to determine which they want to poison, Schmugar told SCMagazineUS.com. Typically they choose terms that are less specific, but they don't discriminate against particular themes."This is more of a generic and general problem," he said. "More often that not, they're trying to capitalise any way they can."Typically, the attackers create domains based on the popular search term and then automatically load links to the URLs on legitimate sites, such as in blog comment forms, Schmugar said. Then, they wait for Google's crawler, known as Googlebot, to discover the domains.The goal is to trick the crawler into listing the malicious sites near the top of the search results for a given term, he said. Usually they don't stay up for long."If they can poison a search term for 12 hours, that will probably serve their purpose," Schmugar said.A Google spokesperson said the company does not tolerate the poisoning of search results."We work hard to protect our users from malware," the spokesperson said Monday in an email statement. "Using any Google product to serve or host malware is a violation of our product policies. In all cases, we actively work to detect and remove sites that serve malware from our search index and our ad network, and we immediately suspend accounts found to contain ads pointing to sites that install malware. To do this, we have manual and automated processes in place to enforce our policies."The representative added that the problem affects all search engines, not just Google.Schmugar said Google regularly updates its search algorithm in hopes of weeding out corrupted search results.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.