Hackers have started on an organized attack on major search engines with innumerable keywords resulting in search results that point to malicious Web sites. Once clicked, the sites will cause a download of Trojans, key loggers, or elicit bogus clicks.
Simply put, damn near any Google search term–even terms like “hospice”– can take you to one of these malware sites. Computerworld quotes Sunbelt Software CEO Alex Eckelberry as saying “this is huge.” I’m inclined to agree, especially considering Eckelberry’s inventory: “27 different domains, each with up to 1,499 [malicious] pages. That’s 40,000 possible pages.”
The malicious sites seem to have made it to the top of the results via comment, blog spam, and rigging Web pages with keywords solely for the purpose of making it to the top list.
The malicious attacks were brought into focus by security researcher Adam Thomas of anti-spyware company Sunbelt Software. The malware from the sites make use of an iFrame exploit in IE and also result in the downloading of Trojans and keyloggers.
Search engines have begun purging the malicious links from their indexes.
Ranking systems at search engines are based on proprietary algorithms that are tuned to avoid bogus links, but the question remains whether present day techniques are sufficient to avoid organized large-scale malicious attacks in the future.
Hackers hijack Web search results (BBC)
Search Engines Unsuspecting Pawns in Malware Attacks (NetworkWorld)