
Thread: Search Engine Poisoning...

  1. #11
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005 | Location: USA | Posts: 6,881

    SEO poison missed by Google...

    FYI...

    SEO poison missed by Google...
    - http://threatpost.com/en_us/blogs/se...-google-012111
    January 21, 2011 - "Attacks that use search engine optimization to push malicious pages into the top rankings on search engine results are on the rise in 2011, but new research from zScaler* suggests that efforts to identify and block the pages are paying meager dividends. A blog post by Web security firm zScaler* notes that Google's own data shows it spots just more than one in two malicious links served up by its search engine. Google reports that they are flagging 52 percent of all malicious links rendered by their search engine. When it comes to malicious links that lead to malware infected pages, Google flags a slightly higher 57 percent. Still, this only accounts for 44 percent of all spam across the Web..."
    * http://research.zscaler.com/2011/01/...r-2010_20.html
    ___

    Be Careful What You Search For ...
    - http://www.symantec.com/connect/blog...hat-you-search
    18 Jan 2011

    Last edited by AplusWebMaster; 2011-01-22 at 17:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    AplusWebMaster

    Massive Blackhat SEO Malware Campaign Launched

    FYI...

    Massive Blackhat SEO Malware Campaign Launched
    - http://securehomenetwork.blogspot.co...-campaign.html
    January 25, 2011 - "On January 23rd, thousands of machine generated attack sites were registered through GoDaddy via DNSPod name servers. These sites generally include a name of 5 characters in length, and utilize the .info TLD. The sites combine black hat SEO poisoning with virulent malware infections. At least one anti-virus vendor has labeled the infections as "not disinfectable". The structure of these sites take two forms. The attack sites utilize a technique known as wild card DNS. This enables an infinite number of subdomains to be created for a single domain name. Sites like pgkqy.info... refer to as the hounds, contain over 6000 links to the attack sites. The hounds' content (6000 links) consists of 200 links to the subdomains of 30 different attack domains... The hounds' large number of links serve to boost the search engine rankings of the attack sites. The attack sites themselves are littered with keywords and phrases designed to poison search engine results, and lure the unwary. These include references to celebrity sex scandals, teenage sex, and so forth. The attack sites also contain machine generated text consisting of numerous paragraph length narratives (in English and Mandarin). Inserted among these narratives are out of context messages, which resemble coded messages... One of the sites distributing malware to the visitors of the attack sites (code1.2bj.cc) has previously distributed malware deemed "exact, not disinfectable" by F-Prot. In that incident, anti-virus detection rates were approximately 50%... both hound site dsqof .info and attack site bjpwn .info are at 184.82.9.206. -All- are utilizing f1g1ns1 .dnspod .net as a DNS server. We will pinpoint more hostile IP addresses as time permits. You can pursue further investigation with the use of this file:
    - http://doc.emergingthreats.net/bin/v...des_skynet.txt ..."
    (Note "RussianBusinessNetwork" in the URL...)

    Last edited by AplusWebMaster; 2011-01-27 at 16:26.
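
An added example, not from the thread or the quoted article: a check that flags a page whose links fan out across many subdomains of several 5-character .info domains, the "hound" link structure described in post #12. The function names, the thresholds and the placeholder domains (aaaaa.info and so on) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Shape reported in the quoted article: a 5-character name under .info.
SUSPECT_DOMAIN = re.compile(r"^[a-z0-9]{5}\.info$")


class LinkCollector(HTMLParser):
    """Collect the lower-cased hostname of every <a href> on a page."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            host = urlsplit(dict(attrs).get("href") or "").hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            return
        if host:
            self.hosts.append(host.lower().rstrip("."))


def subdomain_fanout(html):
    """Map each suspect registered domain to the distinct subdomains linked.

    Hosts without a subdomain part are ignored: only subdomain fan-out
    (what wildcard DNS makes cheap) is counted.
    """
    parser = LinkCollector()
    parser.feed(html)
    fanout = defaultdict(set)
    for host in parser.hosts:
        labels = host.split(".")
        registered = ".".join(labels[-2:])
        if len(labels) > 2 and SUSPECT_DOMAIN.match(registered):
            fanout[registered].add(".".join(labels[:-2]))
    return fanout


def looks_like_hound(html, min_subdomains=50, min_domains=3):
    """Return (verdict, farm_domains); both thresholds are assumed values."""
    fanout = subdomain_fanout(html)
    farms = sorted(d for d, s in fanout.items() if len(s) >= min_subdomains)
    return len(farms) >= min_domains, farms


def build_sample(domains, per_domain):
    """Constructed sample page: per_domain links under each placeholder domain."""
    return "\n".join(f'<a href="http://s{i}.{d}/x">link</a>'
                     for d in domains for i in range(per_domain))
```

The same fan-out count can be run over hostnames taken from proxy or DNS logs instead of page links; tune the thresholds against known-good traffic before alerting on them.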

  3. #13
    AplusWebMaster

    SEO poisoning - Google Image search ...

    FYI...

    SEO poisoning - Google Image search...
    - http://community.websense.com/blogs/...-poisoned.aspx
    21 Apr 2011 - "... Websense... has detected that Google Image search returns poisoned pictures when searching on celebrity child "Presley Walker". We first found on Monday that all the image search results took users to a notorious exploit kit – Neosploit. Later, it changed to redirecting users to rogue AV sites. As we publish this blog, the search results are -still- poisoned and are leading to Neosploit again... From the chain, we see the third URL is the malicious site holding the exploit code. We found that all the exploited sites are hosted on the same IP 66.235.180.91, and interestingly, they constructed it with the same path named TF19, which looks like a pattern of this campaign. At last it will trigger appropriate vulnerabilities targeted by this exploit kit according to the user's operating system and browser... we see it downloaded a PDF file that targeted -three- Adobe Reader vulnerabilities. This PDF file is heavily obfuscated and has a relatively low VirusTotal detection*... Neosploit is a well-known exploit kit in the black market. The authors reportedly stopped supporting and updating the exploit kit due to financial problems, but variants of Neosploit have been updated frequently. The variants may contain MDAC (CVE-2006-0003), ActiveX (CVE-2008-2463, CVE-2008-1898), and three Adobe Reader (Collab.getIcon, Util.Printf, Collab.collectEmailInfo) vulnerabilities, among others..."
    * http://www.virustotal.com/file-scan/...bd4-1303201008
    File name: neosploit.pdf
    Submission date: 2011-04-19 08:16:48 (UTC)
    Result: 6/40 (15.0%)


  4. #14
    AplusWebMaster

    Blackhat SEO and Osama Bin Laden...

    FYI...

    Blackhat SEO and Osama Bin Laden
    * http://www.securelist.com/en/blog/62..._Laden_s_death
    May 2, 2011 - "As always, when big news appear in the press the bad guys start blackhat SEO campaigns in popular search engines trying to lure users to install Rogueware. It's not different this time, with the top news about Osama's Bin Laden death being everywhere. The bad guys were quite fast and started to poison searches results in Google Images. Some of the search results are now leading users to malicious pages..."

    - https://www.computerworld.com/s/arti...ic_on_Internet
    May 2, 2011

    - http://www.us-cert.gov/current/#osama_bin_laden_s_death
    May 2, 2011

    Last edited by AplusWebMaster; 2011-05-03 at 20:21.

  5. #15
    AplusWebMaster

    Search Engine poisoning....

    (See previous post in this thread!)
    ___

    Blackhat SEO, Osama Bin Laden’s death, Rogue AV
    - http://www.malwaredomains.com/wordpress/?p=1796
    May 3rd, 2011 || 0day, New Domains, rogue antivirus - "... Searches on “Osama Bin Laden Body” * are leading users to malicious rogueware domains:
    antivirus. cz. cc/fast-scan/ and pe-antivirus. cz. cc/fast-scan/hese
    ... domains will be blocked on the next update but you shouldn’t wait..."

    - http://research.zscaler.com/2011/05/...d-malware.html
    May 2, 2011 - "... went from seeing fewer than 1,000 URLs containing the terms 'osama', 'usama' or 'laden' on Sunday afternoon, to a peak of over 4 million** by 10am PST on Monday morning..."
    ** http://4.bp.blogspot.com/-F2W9MNgKky...s+per+Hour.png

    - http://www.virustotal.com/file-scan/...b93-1304434879
    File name: file-2191417_
    Submission date: 2011-05-03 15:01:19 (UTC)
    Result: 35/41 (85.4%)
    ___

    Osama malware scams spread to Facebook
    - http://www.theregister.co.uk/2011/05...malware_scams/
    3 May 2011

    - http://blog.commtouch.com/cafe/malwa...ebook-malware/
    May 3, 2011

    - http://www.f-secure.com/weblog/archives/00002152.html
    May 3, 2011

    - http://community.websense.com/blogs/...-facebook.aspx
    02 May 2011
    - http://community.websense.com/blogs/...d-malware.aspx
    02 May 2011

    Last edited by AplusWebMaster; 2011-05-04 at 04:11.

  6. #16
    AplusWebMaster

    WebbyAwards hacked - compromised w/Blackhat SEO

    FYI...

    WebbyAwards hacked - compromised w/Blackhat SEO
    - http://blog.sucuri.net/2011/05/thewe...ckhat-seo.html
    May 4, 2011 - "The WebbyAwards web site (www .webbyawards .com) is currently hacked and compromised with Blackhat SEO. If you try to search for it on Google you will get a warning saying that “This site may be compromised” * ... if you look at the source code of the page, you will see thousands of hidden spam links in there (about selling Windows vista, buying office, etc) pointing to gl.iit .edu:8080, www .korea .edu, www .gefassembly .org, www .ncsconline .org and car .dost .gov .ph. Yes, all “important” and high PR sites (one university, two .gov sites, etc)... We have no details on how it was compromised yet, but we will keep you posted (if we hear back from them)..."
    * http://3.bp.blogspot.com/-gZayHrDkpL...1600/webby.png

    - http://www.google.com/support/websea...?answer=190597

    Last edited by AplusWebMaster; 2011-05-05 at 09:54.

  7. #17
    AplusWebMaster

    Scammers - Google Images - malware

    FYI...

    Scammers - Google Images - malware
    - http://krebsonsecurity.com/2011/05/s...s-for-malware/
    May 6, 2011 - "A picture may be worth a thousand words, but a single tainted digital image may be worth thousands of dollars for computer crooks who are using weaknesses in Google’s Image Search to foist malicious software on unsuspecting surfers. For several weeks, some readers have complained that clicking on Google Images search results directed them to Web pages that pushed rogue anti-virus scareware via misleading security alerts and warnings. On Wednesday, the SANS Internet Storm Center posted a blog entry* saying they, too, were receiving reports of Google Image searches leading to fake anti-virus sites. According to SANS, the attackers have compromised an unknown number of sites with malicious scripts that create Web pages filled with the top search terms from Google Trends. The malicious scripts also fetch images from third-party sites and include them in the junk pages alongside the relevant search terms, so that the automatically generated Web page contains legitimate-looking content. Google’s Image Search bots eventually will index this bogus content. If users are searching for words or phrases that rank high in the current top search terms, it is likely that thumbnails from these malicious pages will be displayed beside other legitimate results... Rogue anti-virus scams almost invariably rely on malicious scripts that can be blocked by the excellent Noscript add-on for Firefox, which lets you decide which sites should be allowed to run scripts.
    If you happen to stumble upon one of these fake anti-virus security alerts, stay calm and avoid the urge to click your way out of it. Instead, simply hit Ctrl-Alt-Delete (Task Manager), select the browser process you are using (firefox.exe, iexplore.exe, etc.) and shut it down..."
    * http://isc.sans.edu/diary.html?storyid=10822
    Last Updated: 2011-05-04 08:04:42 UTC
    ___

    If someone was told there's a minefield out there, and also the area where it was located, why would anyone choose to go through it anyway? 'Don't know, but they do.
    Common sense dictates avoidance, at least - look for another way to get whatever it is you're looking for. There are -always- alternatives...
    > https://www.ixquick.com/

    ... until things calm down and they get a handle on fixing the problem.

    > http://www.google.com/safebrowsing/d...?site=AS:15169

    Last edited by AplusWebMaster; 2011-05-17 at 20:05.

  8. #18
    AplusWebMaster

    SEO poisoning @ MS Safety and Security Center ...

    FYI...

    SEO poisoning @ MS Safety and Security Center ...
    - http://sunbeltblog.blogspot.com/2011...d-malware.html
    July 08, 2011 - "The MS Safety and Security Center (leads to)... porn redirects, and sleazy porn sites invariably lead to malware... blackhat SEOs are seeding illegitimate search results within the Microsoft search results... It's Zugo*, a Bing-branded search toolbar with a history of being installed through exploits and other misleading/deceptive means... hope this all gets cleaned up soon..."
    * http://www.virustotal.com/file-scan/...f6e-1310483975
    File name: XvidSetup_US.exe
    Submission date: 2011-07-12 15:19:35 (UTC)
    Result: 2/43 (4.7%)

    - http://www.theregister.co.uk/2011/07...ks_poisioning/
    11 July 2011

    Last edited by AplusWebMaster; 2011-07-17 at 21:38.

  9. #19
    AplusWebMaster

    SEO poisoning - hijacked sites serve up exploits ...

    FYI...

    SEO poisoning - hijacked sites serve up exploits ...
    - http://sunbeltblog.blogspot.com/2011...loits-seo.html
    September 12, 2011 - "... nasty SEO poisoning scam over the last few days, targeting 9/11 related search terms (along with anything else they can get their hands on) to attempt the infection of vulnerable PCs. They use a combination of the Black Hole Exploit Kit and an interesting "on the fly" SEO poisoning tactic to try and drop infections onto the target PC... an example VirusTotal link* to one of the pieces of Malware being used - as you can see, 21/44 currently detect it. As with most attacks of this nature, you can expect to see multiple domains, files and search terms used to lure potential victims. Speaking of search terms, the people behind this are doing some interesting things with their poisoned search results... Keeping your system patched and your security software up to date is a good place to start with regards to avoiding these kinds of attacks, in addition to running a Limited User Account and (perhaps) some browser based script blocking tools such as NoScript..."
    (More detail at the sunbeltblog URL above.)
    * https://www.virustotal.com/file-scan...a7b-1315527862
    File name: file.vxe
    Submission date: 2011-09-09 00:24:22 (UTC)
    Result: 21/44 (47.7%)


  10. #20
    AplusWebMaster

    Bad ads in Bing...

    FYI...

    Another round of bad ads in Bing
    - http://sunbeltblog.blogspot.com/2011...s-in-bing.html
    September 19, 2011 - "We're seeing some more bad adverts popping up in Bing - just like the original attack, these results are served with very basic search terms so it's pretty easy to stumble into one of the bad URLs... when searching for "Flash player download"... the end-user arrives at malaysiaaktif(dot)com/flash and the fake Flash Player file is served up from dl-softonic(dot)net (a slight change from the original URL used to push the files which flatlined a few days ago*)... be careful when searching for basic tools, programs and files in Bing until these rogue adverts have a healthy dose of "put in jail and throw away the key" applied to them..."
    (Screenshots available at the sunbeltblog URL above.)
    * http://forums.spybot.info/showpost.p...&postcount=201

    Last edited by AplusWebMaster; 2011-09-19 at 19:57.
