Hackers target search terms on top search engines

Hackers have launched an organized attack on major search engines, targeting innumerable keywords so that search results point to malicious Web sites. Once clicked, the sites will download Trojans and keyloggers or elicit bogus clicks.

An excerpt from ZDNet:

Simply put, damn near any Google search term–even terms like “hospice”– can take you to one of these malware sites. Computerworld quotes Sunbelt Software CEO Alex Eckelberry as saying “this is huge.” I’m inclined to agree, especially considering Eckelberry’s inventory: “27 different domains, each with up to 1,499 [malicious] pages. That’s 40,000 possible pages.”

The malicious sites seem to have made it to the top of the results via comment spam, blog spam, and Web pages rigged with keywords solely for the purpose of reaching the top of the list.

The malicious attacks were brought into focus by security researcher Adam Thomas of anti-spyware company Sunbelt Software. The malware from the sites makes use of an iFrame exploit in IE and also results in the downloading of Trojans and keyloggers.

Search engines have begun purging the malicious links from their indexes.

Ranking systems at search engines are based on proprietary algorithms that are tuned to avoid bogus links, but the question remains whether present-day techniques are sufficient to prevent organized, large-scale malicious attacks in the future.

More information:

Hackers hijack Web search results (BBC)

Search Engines Unsuspecting Pawns in Malware Attacks (NetworkWorld)

4 comments
Neon Samurai

Crackers target search terms... Criminals target search terms... You can't blame the general media outlets but a technical media journalist should really know the difference even if the article they link to was written by someone who didn't. Stop with the boogeyman sensationalism that is the modern abuse of the term "hacker". Now I gotta go back and read the article in detail so I can comment on the topic rather than presentation.

Absolutely

"You can't blame the general media outlets but a technical media journalist should really know the difference even if the article they link to was written by someone who didn't. Stop with the boogeyman sensationalism that is the modern abuse of the term 'hacker'."

You are too generous, Neon! I'm an advanced IT user or moderately experienced IT pro, but I know that "hack" refers to applying the scientific method and engineering principles to computers, while "crack" and "cracking" refer to gaining illicit access, especially cracking access controls. A writer who doesn't know the difference, yet writes for publication in a tone suggesting that he knows what he's saying, should be called "a technical media paparazzo," not "a technical media journalist."

pr.arun

Are attacks targeted at the ranking models of Search Engines just a beginning?

Nodisalsi

Somewhere on this planet there are always people for whom the need to sell is more than the need to stick to ethical standards of common decency and etiquette. Like wherever there sprouts an opportunity, there will always be a salesperson; a vulnerability on the internet will find a scammer. The sad thing is, the easiest "marks" on the internet are the most greedy, unwashed and depraved individuals who are always drawn to free downloads, get-rich-quick schemes and smutty content; and it's usually the scammers' intent to target that degenerate minority. So while this unscrupulous kind of marketing is generally beneath the vast majority of end users - or 'victims' if you like - it only requires one idiot in the gene pool to make the whole mass-production scamming spamming effort a profitable enterprise.