Search Engine Poisoning...

[AplusWebMaster]

FYI...

SEO poisoning attacks - researched
- http://www.sophos.com/blogs/sophoslabs/?p=9264
March 31, 2010 - "Regular readers will have seen numerous recent SophosLabs blogs describing how attackers are poisoning search engine results in order to hit victims with malware. In recent months, these type of Search Engine Optimisation (SEO) attacks have become a route through which fake anti-virus malware is being distributed. One thing common to the attacks is that the SEO pages are hosted within legitimate sites. This makes it harder for the search engines to identify the rogue pages, and exclude them from search results. It also lets the SEO pages piggyback on the reputation of that host site, which may help boost the search engine ranking... SophosLabs have published a new technical paper* that describes how these SEO attacks are being managed, by analyzing a selection of the kits that are being used by the attackers..."
* http://www.sophos.com/sophos/docs/en...o-insights.pdf

[AplusWebMaster]

FYI...

SEO poisoning - 2010 Masters
- http://www.m86security.com/labs/i/20...race.1299~.asp
April 12, 2010 - "For cyber criminals, distributing malware is as easy as increasing the Google page-rank of a malicious landing page. But before cybercriminals can do that, they need to ride on a hot topic that people are currently searching for... take an example of a current hot topic: "2010 Masters"... We have noticed that most search results point to a malicious PHP webpage... If you are unfortunate enough to click on one of these malicious links, it will point you to the usual fake antivirus scanner page and ask you to install a fake antivirus executable. After installation, this rogueware asks you to pay a fee to “disinfect” your machine of bogus malware... To make sure the fake antivirus doesn't get caught by any real malware detection tool, it stops your favorite antivirus and other security monitoring tools from running. It adds a key to the registry, so that instead of executing your antivirus process, the malware will execute a legitimate Windows program SVCHOST.EXE. Furthermore, the fake antivirus edits the Windows hosts file preventing Google, Bing and Yahoo search engines from opening in a browser, instead directing you to a malicious IP address... when doing your online searching, be wary and don't automatically trust search results especially when using Google."

[AplusWebMaster]

FYI...

Search Engine results continue to be poisoned
- http://www.symantec.com/connect/blog...ue-be-poisoned
April 26, 2010 - "... poisoning search engine results with links to fake antivirus software is an effective way for attackers to infect users’ machines. As such, we constantly track search results for malicious links... Hackers clearly have a vested interest in ensuring their attacks are effective in poisoning Google results, most likely because of its large market share — Google’s breadth and speed of indexing will also play a role.
• On average at any given hour, 3 out of the top 10 search trends contained at least one malicious URL within the first 70 results.
• On average, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned (had at least one malicious URL).
• On average on any given day, 7.3% of links are malicious in the top 70 results for top search terms.
• The most poisoned search term resulted in 68% of links leading to malicious pages in the first 70 results
• Almost all of the malicious URLs redirect to a fake antivirus page...
While attackers are sometimes more successful in poisoning certain search terms, this is primarily due to luck. They use an automated system to determine which terms to poison... These days, the attackers continue to be effective at poisoning search results. They have an automated infrastructure that is able to automatically collect the latest, most popular search trends and poison the results. So, be careful when clicking on search result links, especially when searching for hot search topics..."

(Screenshots and graphs available at the URL above.)

[AplusWebMaster]

FYI...

SEO poisoning attacks - new variants...
- http://blog.trendmicro.com/fake-yout...t-seo-attacks/
July 14, 2010 - "Using search engines and watching videos are two of the top Internet activities that users do on a daily basis. In the threat landscape, this usually translates to threats such as blackhat SEO attacks, malicious pages crafted to look like YouTube pages, and, as we recently found out, attacks that use -both- blackhat SEO and malicious YouTube-like pages. In the recent attack that we saw, query results... were found to initially lead to YouTube-like pages before displaying the all-too-familiar fake malware infection warnings. The results are most likely to be compromised sites, all injected with search keywords that will lure users into visiting them... page may trick the user into thinking that the link that they’ve clicked leads to a video, and that they need to install Adobe Flash Player to view it... the cybercriminals behind this attack have a keen eye for detail; not only did they use a convincing interface for the fake Adobe installer, they also used a URL that strongly suggests that it is an Adobe-related site. This is a very notable change, since blackhat SEO attacks have been known to bring about FAKEAV variants specifically. These changes are just a few that we’ve seen. Blackhat SEO attacks no longer just ride on the popularity of big news, as it did before. SEO poisoning attacks are being deployed every day, tainting searches and bringing forth malware..."

[AplusWebMaster]

FYI...

Google - malicious search results...
- http://www.zdnet.com/blog/security/g...h-results/7009
July 30, 2010 - "According to a newly released report by Barracuda Labs, based on a two-month study reviewing more than 25,000 trending topics and 5.5 million search results, Google remains the most popular search engine used by malicious attackers, relying on poisoned keywords. The company, which also sampled Yahoo Search, Bing, and Twitter, contributes Google’s leading position to the fact that Google remains the market share leader in online search, and consequently the most targeted search engine..."

[AplusWebMaster]

FYI...

New Massive BlackHat SEO Attacks
- http://blog.urlvoid.com/new-massive-...t-seo-attacks/
August 1st, 2010 - "... websites hacked and used in a new campaign of blackhat seo attack with the objective to -redirect- all users to very dangerous websites that spread the infamous and well known rogue security software and the other dangerous threats such as TDSS rootkit and Zeus..."

(Hijacked keywords and summary of malicious domains at the URL above.)