Page 3 of 3 FirstFirst 123
Results 21 to 27 of 27

Thread: Search Engine Poisoning...

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Blackhat SEO - mass spam Infection

    FYI...

    Blackhat SEO - mass spam Infection ...
    - http://blog.sucuri.net/2011/09/mass-...es-hacked.html
    September 21, 2011 - "... blackhat SEO attack that was infecting many WordPress sites with spam... the attack consists of contacting the domain wplinksforwork .com to get a list of links to be displayed on the compromised sites... sites compromised (if they have display errors enabled), have this message in their footer... we checked on Google to see how many they have found lately with this error and it is an astonishing number of almost 50k pages... At the time of our first analysis, most of the hacked sites had outdated versions of WordPress installed. Some of them were not, but we assume they upgraded after the fact, and never cleaned up the spam from their themes (yes, it hides in themes and in the database). So, if you keep WordPress updated, you’re likely safe. In any case, you can check via our free scanner to verify:
    > http://sitecheck.sucuri.net
    ___

    - http://centralops.net/co/DomainDossier.aspx
    Domain name: wplinksforwork .com ...
    Saint-Petersburg... RU

    Last edited by AplusWebMaster; 2011-09-23 at 21:18.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #22
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Search Engine Poisoning...

    FYI...

    More bad ads in Bing
    - http://forums.spybot.info/showpost.p...&postcount=209
    September 29, 2011

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #23
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down More... Rogue ads on Bing

    FYI...

    More... Rogue ads on Bing (and Yahoo)
    - http://sunbeltblog.blogspot.com/2011...ue-ads-on.html
    October 13, 2011 - "... Microsoft needs to get a handle on ad placements on Bing. Ok, so Bing isn't the most widely used search engine, but remember that Yahoo plays a part here as well. In this case, we're talking Sirefef (ZeroAccess aka Max++), probably the nastiest piece of malware circulating on the 'net right now. Sirefef kills any attempt to remove it, and is nearly impossible to clean (short of booting onto a rescue disk and performing cleanup actions, or reformatting). So just search for "adobe flash"... (That same search term will look identical on Yahoo, since Yahoo displays Bing ads and search results.) Which leads to an innocent-looking "download flash" page... the page isn't actually "GetAdobeFlash.com". Instead, it redirects to a directory on a compromised trucking site (arulbrothers .com), downloading a file from torreandaluz (dot) com/flash/Flash Player 10 Setup.exe . So let's download that Flash Player and run it through VirusTotal*..."
    * https://www.virustotal.com/file-scan...ac0-1318507455
    File name: Flash Player 10 Setup.exe
    Submission date: 2011-10-13 12:04:15 (UTC)
    Result: 17/43 (39.5%)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #24
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Olympic scams in Google AdWords ...

    FYI...

    Olympic scams in Google AdWords ...
    - http://community.websense.com/blogs/...er-Beware.aspx
    1 Feb 2012 - "... a Google search for "olympic tickets" resulted in top-of-the-page placement of sponsored sites for vendors selling tickets without permission from Olympic authorities, which is a criminal offense in the U.K. under the London Olympic Games and Paralympic Games Act 2006... The prominent display of sponsored ads tends to confer on them a sense of legitimacy. Users may assume that Google has approved the businesses, or at least stands behind them in some way. But in response to a complaint from a would-be Olympic ticket purchaser, Google said, "While Google AdWords provides a platform for companies to advertise their services, we are not responsible for, nor are we able to monitor the actions of each company"... One URL yielded 500 backlinking URLs in categories such as Adult Material, Gambling, Proxy Avoidance, Potentially Unwanted Software, Suspicious Embedded Links, and Malicious Embedded Links. A set of 375 backlinks for another URL found that 104 (27.73%) included various kinds of objectionable content, including security risks (the remaining URLs either had no backlinks or had backlinks for legitimate sites such as News and Media, Business and Economy, and so on)... With Google searches as with everything else, do your own "due diligence" before making a transaction, even if the business is at the top of the page. In the case of London Olympics tickets, the official website includes the handy ticketing website checker* that we used to determine if a URL is recognized as an authorized vendor..."
    * http://www.london2012.com/about-this...te-checker.php
    ___

    EU regulators want Google to halt new privacy policy
    - http://www.reuters.com/article/2012/...8120OG20120203
    Feb 3, 2012 - "... Google remains the subject of an inquiry by both the EU's competition authority and the U.S. Federal Trade Commission into how the company ranks its search results..."

    Last edited by AplusWebMaster; 2012-02-03 at 16:21.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #25
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy Cyber Monday - Beware of Cyber Criminals

    FYI...

    Cyber Monday - Beware of Cyber Criminals
    - http://blogs.norman.com/2012/securit...yber-criminals
    Nov 20, 2012 - "Black hat search engine optimization (SEO) attacks will be rampant this week leading up to Cyber Monday, so beware!... Throughout the year, cyber criminals -target- the most commonly searched keywords, phrases and topics and taint search engine results. They -poison- apparently relevant links, which appear higher than legitimate results, leading unsuspecting victims to malicious sites. This time of year, black hat SEO attacks typically scam those searching for Thanksgiving recipes, holiday shopping sales and gift guides. Search engines have learned cyber criminal tactics and weed out malicious links. But don’t let other SEO tricks ruin your holiday festivities... What’s the bottom line? If a deal looks too good to be true, you’re probably right! You know this already, but with fierce competition among retailers to offer the lowest price, you may be tempted to click a malicious link. If a link seems even a little suspicious, verify it first. Beyond search engines, protect yourself on social media and email as well. Expand short links with a tool like Untiny* to make sure they’re authentic. If you’re accidentally redirected to a rogue site, of course, don’t download any software or fill out any surveys..."
    * http://untiny.me/

    - http://community.websense.com/blogs/...val-guide.aspx
    "... the "free lunch" or more to the point 'free gift card' or 'free hugely popular consumer electronic device' is offered in return for the simply filling in an online survey or completing a qualifying purchase in order to secure that vastly more expensive item. Commonly these scams utilize emails and social network posts claiming to be from popular brands informing you that 'You have received a gift card from us' or 'Giveaway'. The links of course, if not leading you to malicious websites that could potentially compromise your machine, lead you through a series of sites to harvest your personal information and/or entice you into purchasing memberships, ebooks and other items all in order to secure that great freebie. Once harvested, your data at best could be passed to marketing organizations to further target you, or at worst for identity fraud..."

    - http://aceinsight.websense.com/
    "Enter a URL to see if it contains malicious content.
    A free service..."
    ___

    >> https://upload.wikimedia.org/wikiped...ternet_dog.jpg
    ___

    132 counterfeit sites seized in Cyber Monday blitz
    - http://www.reuters.com/article/2012/...8AP0W620121126
    Nov 26, 2012 - "U.S. and European authorities seized 132 domain names in a counterfeit goods crackdown linked to Cyber Monday, the online bargain day, the head of U.S. Immigration and Customs Enforcement said. The sites, many linked to organized crime, were selling fake goods that ranged from National Football League jerseys and Nike Inc shoes to Adobe Systems Inc software, he said... ICE agents seized 101 domain names in the United States and 31 were taken over by officers in Britain, Romania, Belgium, France and Denmark and by Europol, the European Police Office, ICE Director John Morton said... The Cyber Monday seizures raise the total number of U.S. sites taken over to 1,630 since ICE began its anti-counterfeit campaign in June 2010..."

    Last edited by AplusWebMaster; 2012-11-27 at 04:19.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #26
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down MSN Messenger - now SEO malware ...

    FYI...

    MSN Messenger - now SEO malware ...
    - https://www.securelist.com/en/blog/2...ing_of_attacks
    March 19, 2013 - "Microsoft recently announced the shutdown of its popular IM client MSN Messenger, which will be replaced by Skype, but its end represents the beginning of malicious attacks posing as the installer of the software. Cybercriminals already started to use this fact in their attacks, registering malicious domains, buying sponsored links on search engines, tricking users to download and install a malware masquerade as the MSN installer. MSN Messenger is still very popular in several countries; Microsoft informed that the service has more than 100 million users worldwide, approximately 30.5 million of them in Brazil. As an escalated migration of all users is planned, it's getting harder to find the installer of the program and this is the window of opportunity exploited by Brazilian cybercriminals aiming to infect users looking for the software. In a simple search on Google for "MSN messenger" the first result displayed is sponsored link of a malicious domain aiming to distribute the -fake- installer, which is actually a Trojan banker...
    > https://www.securelist.com/en/images.../208194179.png
    ... download of the fake MSN installer:
    > https://www.securelist.com/en/images.../208194182.png
    Other malicious domains created with the same purpose, some of them already deactivated, are as follows:
    baixarmsndownload .com.br
    downloadmsnbaixar .com.br
    msnmessengerlive .com.br

    We believe this is the first of several expected attacks that use the end of MSN Messenger as bait. As we approach April 8, the day chosen by Microsoft to permanently shutdown the service (April 30th in Brazil), we advise all users to -avoid- looking for the MSN installer and migrate their account(s) to Skype. And the sooner the better to avoid becoming victims of attacks like this."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #27
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Bing Ads lead to Blackhole powered Sirefef malware

    FYI...

    Bing Ads lead to Blackhole powered Sirefef malware
    - http://www.threattracksecurity.com/i...refef-malware/
    March 25, 2013 - "... found rogue adverts in Bing, leading end-users to pages serving up Sirefef Malware via the Blackhole Exploit Kit. The searches weren’t obscure or particularly complicated – in the below example we’re searching for 7Zip:
    > http://www.threattracksecurity.com/i...3/bingads1.png
    ... The above would lead end-users to a .pk site (.pk is Pakistan, in case you were wondering) which appeared to be serving up content related to the Neutrino exploit kit. We reported the ads to Microsoft who seem to have killed off the relevant adverts, but end-users should be advised that there may well be more of them out there. Additionally, some of the exploit sites are coming in and out of rotation – that is to say, some of them will lead nowhere for a while, only to come back to life serving up more badness. At least some of this is targeting users by region – some pages wouldn’t load until the researchers examining them changed their location. Bad ads come around every so often in most search engines, and checking a site out before deciding to click an unfamiliar sponsored link may save you a lot of trouble further down the line. The most straightforward of searches can quickly lead you to a site trying to exploit your PC, and a splash of caution will do you the world of good."
    - Chris Boyd

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •