Thread: Search Engine Poisoning...

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    SEO poisoning attacks - researched

    FYI...

    SEO poisoning attacks - researched
    - http://www.sophos.com/blogs/sophoslabs/?p=9264
    March 31, 2010 - "Regular readers will have seen numerous recent SophosLabs blogs describing how attackers are poisoning search engine results in order to hit victims with malware. In recent months, these type of Search Engine Optimisation (SEO) attacks have become a route through which fake anti-virus malware is being distributed. One thing common to the attacks is that the SEO pages are hosted within legitimate sites. This makes it harder for the search engines to identify the rogue pages, and exclude them from search results. It also lets the SEO pages piggyback on the reputation of that host site, which may help boost the search engine ranking... SophosLabs have published a new technical paper* that describes how these SEO attacks are being managed, by analyzing a selection of the kits that are being used by the attackers..."
    * http://www.sophos.com/sophos/docs/en...o-insights.pdf

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar

    SEO poisoning - 2010 Masters

    FYI...

    SEO poisoning - 2010 Masters
    - http://www.m86security.com/labs/i/20...race.1299~.asp
    April 12, 2010 - "For cyber criminals, distributing malware is as easy as increasing the Google page-rank of a malicious landing page. But before cybercriminals can do that, they need to ride on a hot topic that people are currently searching for... take an example of a current hot topic: "2010 Masters"... We have noticed that most search results point to a malicious PHP webpage... If you are unfortunate enough to click on one of these malicious links, it will point you to the usual fake antivirus scanner page and ask you to install a fake antivirus executable. After installation, this rogueware asks you to pay a fee to “disinfect” your machine of bogus malware... To make sure the fake antivirus doesn't get caught by any real malware detection tool, it stops your favorite antivirus and other security monitoring tools from running. It adds a key to the registry, so that instead of executing your antivirus process, the malware will execute a legitimate Windows program SVCHOST.EXE. Furthermore, the fake antivirus edits the Windows hosts file preventing Google, Bing and Yahoo search engines from opening in a browser, instead directing you to a malicious IP address... when doing your online searching, be wary and don't automatically trust search results especially when using Google."

    .
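
The hosts-file tampering described in the M86 excerpt above can be checked for directly. The following is an added example, not part of the original post or the cited report; the watched-label list, the function names and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress

# Brands named in the excerpt above; matching on these labels is an assumption
# of this example, not a rule taken from the cited report.
WATCHED_LABELS = {"google", "bing", "yahoo"}

# Constructed sample hosts file (documentation-range addresses, not real IoCs).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed entry
203.0.113.10    search.yahoo.com
0.0.0.0         www.bing.com
192.0.2.7       intranet.example.test
"""

def is_watched(hostname):
    """True when a non-TLD label is exactly a watched brand (www.google.com,
    google.co.uk), so look-alikes such as notgoogle.com are not flagged."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(label in WATCHED_LABELS for label in labels[:-1])

def audit_hosts(text):
    """Return (line_no, hostname, ip, kind) for every hosts entry that
    overrides DNS for a watched search engine."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address: ignore line
        # Loopback/unspecified targets only block the site; anything else
        # sends the browser to a host chosen by whoever edited the file.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        for name in fields[1:]:
            if is_watched(name):
                findings.append((line_no, name.lower(), str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; a default installation carries no entries for these names, so any finding warrants a closer look.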

  3. #3
    Adviser Team AplusWebMaster's Avatar

    Search Engine results continue to be poisoned

    FYI...

    Search Engine results continue to be poisoned
    - http://www.symantec.com/connect/blog...ue-be-poisoned
    April 26, 2010 - "... poisoning search engine results with links to fake antivirus software is an effective way for attackers to infect users’ machines. As such, we constantly track search results for malicious links... Hackers clearly have a vested interest in ensuring their attacks are effective in poisoning Google results, most likely because of its large market share — Google’s breadth and speed of indexing will also play a role.
    • On average at any given hour, 3 out of the top 10 search trends contained at least one malicious URL within the first 70 results.
    • On average, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned (had at least one malicious URL).
    • On average on any given day, 7.3% of links are malicious in the top 70 results for top search terms.
    • The most poisoned search term resulted in 68% of links leading to malicious pages in the first 70 results
    • Almost all of the malicious URLs redirect to a fake antivirus page...
    While attackers are sometimes more successful in poisoning certain search terms, this is primarily due to luck. They use an automated system to determine which terms to poison... These days, the attackers continue to be effective at poisoning search results. They have an automated infrastructure that is able to automatically collect the latest, most popular search trends and poison the results. So, be careful when clicking on search result links, especially when searching for hot search topics..."

    (Screenshots and graphs available at the URL above.)


  4. #4
    Adviser Team AplusWebMaster's Avatar

    SEO poisoning attack variants...

    FYI...

    SEO poisoning attacks - new variants...
    - http://blog.trendmicro.com/fake-yout...t-seo-attacks/
    July 14, 2010 - "Using search engines and watching videos are two of the top Internet activities that users do on a daily basis. In the threat landscape, this usually translates to threats such as blackhat SEO attacks, malicious pages crafted to look like YouTube pages, and, as we recently found out, attacks that use -both- blackhat SEO and malicious YouTube-like pages. In the recent attack that we saw, query results... were found to initially lead to YouTube-like pages before displaying the all-too-familiar fake malware infection warnings. The results are most likely to be compromised sites, all injected with search keywords that will lure users into visiting them... page may trick the user into thinking that the link that they’ve clicked leads to a video, and that they need to install Adobe Flash Player to view it... the cybercriminals behind this attack have a keen eye for detail; not only did they use a convincing interface for the fake Adobe installer, they also used a URL that strongly suggests that it is an Adobe-related site. This is a very notable change, since blackhat SEO attacks have been known to bring about FAKEAV variants specifically. These changes are just a few that we’ve seen. Blackhat SEO attacks no longer just ride on the popularity of big news, as it did before. SEO poisoning attacks are being deployed every day, tainting searches and bringing forth malware..."


  5. #5
    Adviser Team AplusWebMaster's Avatar

    Google - malicious search results...

    FYI...

    Google - malicious search results...
    - http://www.zdnet.com/blog/security/g...h-results/7009
    July 30, 2010 - "According to a newly released report by Barracuda Labs, based on a two-month study reviewing more than 25,000 trending topics and 5.5 million search results, Google remains the most popular search engine used by malicious attackers, relying on poisoned keywords. The company, which also sampled Yahoo Search, Bing, and Twitter, contributes Google’s leading position to the fact that Google remains the market share leader in online search, and consequently the most targeted search engine..."


  6. #6
    Adviser Team AplusWebMaster's Avatar

    Massive BlackHat SEO Attacks

    FYI...

    New Massive BlackHat SEO Attacks
    - http://blog.urlvoid.com/new-massive-...t-seo-attacks/
    August 1st, 2010 - "... websites hacked and used in a new campaign of blackhat seo attack with the objective to -redirect- all users to very dangerous websites that spread the infamous and well known rogue security software and the other dangerous threats such as TDSS rootkit and Zeus..."

    (Hijacked keywords and summary of malicious domains at the URL above.)


  7. #7
    Adviser Team AplusWebMaster's Avatar

    Halloween SEO poisoning...

    FYI...

    Halloween SEO poisoning...
    - http://www.eweek.com/c/a/Security/Ha...-Terms-569624/
    2010-10-30 - "Attackers are targeting people searching for last-minute ideas on Halloween costumes... CyberDefender identified a fake anti-virus Trojan downloader infecting pages that come up when searching for Halloween costumes. When users land on these infected pages, the fake anti-virus installer hijacks the user’s Web browser and initiates a malicious process, CyberDefender said. The infected PC becomes sluggish and slow-performing while exposing personal data, according to the company. One form, identified by Panda Labs*, displays a fake video player page and asks the user to download a codec in order to play the video. Popular search terms reflect what users are interested in at that time, making it a lucrative target. Criminals often create pages that are highly search engine optimized, with keywords reflecting currently popular search terms... Called SEO poisoning, hackers create these pages that Google and other search engines pick up thinking they are legitimate, and return them when users type in the search terms..."

    * http://pandalabs.pandasecurity.com/m...ated-keywords/
    "... top 5 most targeted phrases:
    1. Halloween costumes
    2. Halloween decorations
    3. Halloween ideas
    4. Adult Halloween costumes
    5. Free pumpkin pattern ..."


  8. #8
    Adviser Team AplusWebMaster's Avatar

    SEO Poisoning - Election results...

    FYI...

    SEO Poisoning - Election results...
    - http://isc.sans.edu/diary.html?storyid=9868
    Last Updated: 2010-11-02 21:36:09 UTC - "We have seen a couple of instances of search result poisoning for election related search terms..."

    - http://community.websense.com/blogs/...ions-wave.aspx
    01 Nov 2010 - "... some search terms related to the ongoing event return sites employing black hat SEO... some of the infected sites already come with a warning. However, there are still a handful of Web sites that do not have warning messages attached to them. Search terms used in this attack include:
    2010 midterm election
    midterm election results
    midterm election 2010
    midterm election latest polls
    midterm election 2010
    midterm election season
    midterm election latest polls gallup

    At the time of writing, the black hat SEO'd sites appear benign, only redirecting users to what appears to be a blank page. A closer look at the code reveals that the page contains a URL to a rogue AV site... If you copy and paste this URL in your browser, it will redirect you to the rogue AV download page which prompts the user to download inst.exe, identified by 10 of 43 VirusTotal engines*..."
    * http://www.virustotal.com/file-scan/...8f8-1288630936
    File name: inst.exe
    Submission date: 2010-11-01 17:02:16 (UTC)
    Result: 10/43 (23.3%)
    ___

    - http://community.websense.com/blogs/...-election.aspx
    2 Nov 2010 - "... we spotted further activity on what appeared to be blank pages from the Black Hat SEO... This particular attack is browser-aware, as the threats are specific to the browser being used... As of the time of writing and publishing this blog, the coverage for the file download prompts for both IE Flash Update* and Firefox Flash update** was about 27.9%* as confirmed by VirusTotal."
    (Screenshots available at the URL above.)

    * http://www.virustotal.com/file-scan/...60d-1288711379
    File name: v11_flash_AV.exe
    Submission date: 2010-11-02 15:22:59 (UTC)
    Result: 12/43 (27.9%)

    ** http://www.virustotal.com/file-scan/...054-1288711390
    File name: firefox-update.exe
    Submission date: 2010-11-02 15:23:10 (UTC)
    Result: 12/43 (27.9%)

    Last edited by AplusWebMaster; 2010-11-03 at 04:54.

  9. #9
    Adviser Team AplusWebMaster's Avatar

    SEO poisoned search results - Prince William / Kate Middleton

    FYI...

    SEO poisoned search results - Prince William / Kate Middleton

    - http://community.websense.com/blogs/...-attacks.aspx?
    16 Nov 2010 - "... attackers have the process down to a science. They monitor breaking news, trending topics, and buzz words, then automatically manipulate search results based on what's happening in the world... searching for news and buzz words is now more dangerous than searching for adult content, with approximately 22.4% of all searches for current news leading to malicious search results..."

    - http://sunbeltblog.blogspot.com/2010...unced-seo.html
    November 16, 2010 - "The British royal family announced today that Prince William will marry his long-time girlfriend Kate Middleton next year. Every news source on the planet is gushing and the dark side of the Internet is taking advantage of the news coverage. Surf with care. A Google search for “Kate Middleton” results in a poisoned link..."

    - http://community.websense.com/blogs/...us-intent.aspx
    17 Nov 2010 - "Ever noticed a magnifying glass next to your Google search results lately? It is actually a new service that Google launched last week called Instant Previews. This service allows users to see what a page looks like before going to it by hovering or clicking the magnifying glass next to the Google search results. Simple? Yes. Secure? Not so much. Our research shows that the images shown in Instant Previews is not updated as frequently as anyone might assume. Therefore, we don't think this feature would help users as much in making an informed decision on judging whether a link is indeed malicious or not... We reported some Black Hat SEO'd websites from searches relating to Prince William's engagement yesterday. Using Google's Instant Preview on the malicious search results may lead users into believing that the links they're clicking on is actually safe when in fact it's not..."

    - http://www.theregister.co.uk/2010/11...ement_malware/
    17 November 2010 - "... The process of manipulating search results - black hat search engine optimisation - has been going on for at least three or four years and is increasingly becoming automated. Hackers affiliated with scareware outfits in the Ukraine, Russia and elsewhere carry out the coding work."

    Infected searches (chart)...
    - http://community.websense.com/cfs-fi...2D00_550x0.png
    17 Nov 2010 - Filed under: Rogue AV, Blackhat SEO

    Last edited by AplusWebMaster; 2010-11-23 at 18:32.

  10. #10
    Adviser Team AplusWebMaster's Avatar

    SEO poisoning subject: Korea...

    FYI...

    SEO poisoning subject: Korea...
    - http://blog.trendmicro.com/cross-bor...ads-to-fakeav/
    Nov. 23, 2010 - "News outlets all over the world are talking about the recent cross-border clash between North and South Korea... Within -hours- of the incident, certain Korea-related search terms were already poisoned... This malware redirects users to different pages based on their browser..."

