SEO poisoning w/Flash for redirection
FYI...
SEO Poisoning sites use Flash for redirection
- http://www.f-secure.com/weblog/archives/00001899.html
March 4, 2010 - "... another SEO poisoning stint... Since a lot of websites use SWF, most users have already installed Flash support in their browsers, thereby also enabling support for the malware behavior... It seems that the bad guys want the malicious URLs to be hidden inside the SWF..."
(Screenshots available at the URL above.)
- http://techblog.avira.com/2010/03/04...ruary-2010/en/
March 4, 2010
:fear::mad:
SEO poisoning on TV show...
FYI...
SEO poisoning on TV show
- http://isc.sans.org/diary.html?storyid=8383
Last Updated: 2010-03-08 17:08:18 UTC ...(Version: 2) - "... new SEO (Search Engine Optimization) poisoning attack doing the rounds in the last 6-8 hours. We have talked about this kind of attack in the past*, although they were mainly focused on other hot technological topics, major tragedies, or events. This time, the topic to get on top of the search engines result page is a TV reality show. Specifically, there is a TV show premiere in the US tonight called "Billy the Exterminator"... The affected sites are using a drive by attack, providing victims a fake AV warning message that drives them to download a piece of malware..."
* http://isc.sans.org/diary.html?storyid=8098
Hackers exploit Oscars to spread scareware attack
- http://www.sophos.com/blogs/gc/g/201...-exploit-oscar
March 8, 2010 - "... By using SEO (search engine optimisation) techniques, hackers have created webpages that are stuffed with content which appears to be related to the 2010 Oscars, but are really designed to infect your computer..."
:fear::mad:
SEO poisoning on news - Icelandic Volcano erupts
FYI...
Icelandic Volcano Erupts, Fake Antivirus Spews Forth
- http://www.symantec.com/connect/blog...us-spews-forth
March 22, 2010 - "Yesterday there was a volcanic eruption in Iceland, near the Eyjafjallajoekull glacier, that has led the Icelandic authorities to declare a state of emergency in southern Iceland. People living nearby have been evacuated in case of glacial melt water flooding and the airspace near the now active volcano is effectively closed off. As you have probably already guessed, any event which commands a high level of public interest will be pounced on quickly by the makers of fake antivirus software in order to make a quick buck. This incident is no exception. Web searches for subjects relating to this eruption, such as "Iceland Volcanic Eruption" or "Iceland Volcano", will return results that may include dozens of hacked Web sites. It is not that difficult to spot the hacked sites with the fake antivirus redirection in the search results... A reasonable rule of thumb... look for domain names that suggest content unrelated to the news being searched for. For example, if you find a Web site whose domain name suggests it is about a painter or British castles, yet it appears in the search results for a story about the volcanic eruption, it is likely that the link is bogus and should be avoided... On the subject of hacked Web sites, it appears that the crew behind this campaign has a back catalogue of hacked sites they can call up and use at very short notice. On looking closer at the hacked sites, you will find that it looks like each of them has had a few hundred randomly named PHP pages added to them. Each of these pages redirects to a single server that is changed periodically... The sites have a series of fake scan pages, which it can display at random. The fake scan pages are designed to look like application windows in various versions of Microsoft Windows and include Windows XP and Windows Vista..."
(Screenshots available at the URL above.)
:fear::mad: