Thread: Search Engine Poisoning - archive

  1. #61
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Office.Microsoft.Com search results can lead to Rogue AV

    FYI...

    Office.Microsoft.Com search results can lead to Rogue AV
    - http://securitylabs.websense.com/con...rts/3519.aspx?
    01.08.2010 - "Websense... has detected that search results on office.microsoft.com can lead users to a Rogue AV page. Users looking for information related to help with Office products on Microsoft’s own site are being targeted. Users may be unaware that, when they type in search queries on the site, Microsoft scours its own Web site for results, but also pulls in results from the broader Web. As the URL for the search results begins with http ://office.microsoft .com, this is particularly troubling for users who trust sites simply because of their reputation. The malicious URL is a redirect to a very real-looking virus scan and warning page presented by a Rogue AV program (SHA1: 6489c54e30af18801a9e83a5855fa639f3bae0b8). The executable used in the exploit is currently recognized by 1 of the 41 AV engines on Virus Total*...."
    * http://www.virustotal.com/analisis/3...d3d-1262943359
    File Setup55530_2045-10.exe received on 2010.01.08 09:35:59 (UTC)
    Result: 1/41 (2.44%)

    (Screenshot/video available at the Websense URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #62
    AplusWebMaster

    Black Hat SEO Ice Skating Car Video

    FYI...

    Black Hat SEO Ice Skating Car Video
    - http://securitylabs.websense.com/con...rts/3522.aspx?
    01.11.2010 - "Websense... has discovered that a popular video called "Paignton Ice Skating for Cars" has been targeted by both SEO poisoning attacks as well as Web spam. As a wave of icy weather is currently hitting large parts of Europe, the video has proved to be very popular, with currently more than 850,000 hits on Yahoo Video. A different uploaded version on YouTube has had more than 1 million views so far. Criminals have used the video's popularity as an opportunity to spread rogue anti-virus programs by poisoning the search results of major search engines. When the term "ice skating car" is searched via Google, nearly half of the search results on the first page redirect the user to rogue anti-virus sites. Clicking any of those links takes the user to a Web site with the message: "Your PC is at risk of virus and malware attack." That's an old trick used to lure unsuspecting users to download a fake anti-virus installer... The black hat search results in Google -redirect- the user through several sites, most of which are hosted in Russia, before finally landing in the rogue anti-virus site. The criminals often change the second site in the redirection chain in order to make it harder to detect. The file has a relatively low AV detection rate*..."
    (Screenshot available at the Websense URL above.)
    * http://www.virustotal.com/analisis/2...57b-1263209375
    File packupdate_build6_294.exe received on 2010.01.11 11:29:35 (UTC)
    Result: 10/41 (24.39%)


  3. #63
    AplusWebMaster

    Black Hat SEO - Haiti Earthquake

    FYI...

    Black Hat SEO - Haiti Earthquake
    - http://securitylabs.websense.com/con...erts/3524.aspx
    01.13.2010 - "Websense... has discovered that searches on terms related to the recent earthquake in Haiti return results leading to a rogue antivirus program. The earthquake, which happened on Tuesday near Port-au-Prince, had a magnitude of 7.0 and is said to be the most powerful earthquake to hit Haiti... People around the world are searching the Internet to find the latest updates on this issue, wanting to know how to make charitable donations, trying to discover the extent of the calamity through photos or videos, and looking to see what their favorite artists and musicians are saying about the disaster. Unfortunately, the bad guys use major crises and events like this to spread their malicious code*..."
    * http://www.virustotal.com/analisis/a...e89-1263413836
    File Setup_88s1.exe received on 2010.01.13 20:17:16 (UTC)
    Result: 4/41 (9.76%)
    * http://www.virustotal.com/analisis/b...458-1263404507
    File packupdate_build9_290.exe received on 2010.01.13 17:41:47 (UTC)
    Result: 8/41 (19.51%)

    (Screenshots available at the Websense URL above.)

    - http://www.m86security.com/labs/i/Po...race.1217~.asp
    January 13, 2010

    Last edited by AplusWebMaster; 2010-01-14 at 03:34.

  4. #64
    AplusWebMaster

    Searches for free printable items lead to mal-domains

    FYI...

    Searches for free printable items lead to mal-domains
    - http://blog.trendmicro.com/searches-...o-mal-domains/
    Jan 26, 2010 - "... blackhat SEO attack that uses strings with the phrase “free printable” to hijack search traffic by directing it into a rogue search engine. Our researchers have found that search engine queries using the string “free printable” yield results that include compromised websites. The said compromised websites are rigged with malicious JavaScripts detected as JS_REDIRECT.SMF and JS_REDIRCT.MAC. JS_REDIRECT.SMF and JS_REDIRCT.MAC trigger a set of redirections whenever the compromised sites are visited. The redirections ultimately lead to a rogue search engine, which by default puts the originally used search string into its own search text box. As of now, the cybercriminals’ goal in all this seems to be hijacking search traffic from search engines, and -redirect- them into their own search engine to earn them money. If it stays as such is not yet known, but users need to be wary, since it would be very easy for cybercriminals to change the final landing site of the redirections to a malware-hosting site... It is very possible that this blackhat search engine optimization (SEO) attack takes advantage of the fact that the interest for free printable items is relatively high, especially in South Africa and the United States. We are strongly advising users -not- to use search strings that include the word “free printable,” as the results may lead to malicious websites. We are currently monitoring this attack and will update this entry for developments..."

    (Screenshots available at the URL above.)


  5. #65
    AplusWebMaster

    More SEO poisoning attacks...

    FYI...

    More SEO poisoning attacks...
    - http://isc.sans.org/diary.html?storyid=8098
    Last Updated: 2010-01-27 23:24:06 UTC - "... Recently we got details about two active SEO poisoning attacks for two specific hot topics:
    * A new Facebook unnamed app. Sample search term: "facebook unnamed app".
    - http://countermeasures.trendmicro.eu...ds-to-malware/
    * Today's Apple tablet announcement, called iPad. Sample search term: "apple tablet announcement".
    - http://securitylabs.websense.com/con...?cmpid=slalert
    The related search terms for these two hot topics in Google are returning top results pointing to sites that distribute malware. Apart from the common defense-in-depth practices regarding client and end point protection, one of the best recommendations is to demonstrate this type of attack on your security awareness programs, so that users do not blindly trust any output they get from search engines."


  6. #66
    AplusWebMaster

    Olympics SEO poisoning...

    FYI...

    Various Olympics Related Dangerous Google Searches
    - http://isc.sans.org/diary.html?storyid=8239
    Last Updated: 2010-02-15 20:26:18 UTC - "We have received reports about the (sadly expected by now) search engine poisoning for various Olympics related terms. For example the name of the killed Georgian luge athlete is used to redirect unsuspecting users to fake anti virus and other malicious content. The redirect is browser dependent. Firefox is usually redirected to "qooglesearch .com" (note the 'q' as first letter instead of a 'g'). It is probably advisable to watch out for DNS requests for this domain to spot possible infections. Internet Explorer is redirected to a wide range of different domains which apparently are picked at random..."

    (Video at the URL above: 2:44)


  7. #67
    AplusWebMaster

    Google search poisoned...

    FYI...

    Kneber = Zeus...
    - http://www.symantec.com/connect/blogs/kneber-zeus
    February 18th, 2010 - "... Symantec has also observed cybercriminals seeking to exploit computer users’ fears—spurred by all of the coverage that this threat is receiving* — by poisoning search engine results for keywords such as “Kneber Botnet Removal.” In fact, when analyzed by Symantec, the highest ranked result on Google using these search terms led to a site hosting rogue antivirus software..."
    * http://forums.spybot.info/showpost.p...&postcount=209


  8. #68
    AplusWebMaster

    Bloombox - Blackhat SEO poisoning

    FYI...

    Bloombox - Blackhat SEO poisoning
    - http://securitylabs.websense.com/con...rts/3554.aspx?
    02.22.2010 - "Websense... has detected that search terms related to the Bloom Energy and its Bloombox Fuel Cell have become the latest target for Blackhat SEO poisoning attacks. Bloom Box is a breakthrough technology in the energy sector that could revolutionize the way electricity is generated today. As people become interested in finding more information on this technology, related search terms are currently gaining momentum, and as they do so Blackhat SEO attacks are starting to climb up the search result listings. At the moment, according to the VirusTotal report only 10% of antivirus products are detecting the threat*..."
    * http://www.virustotal.com/analisis/d...f9c-1266851237
    File mes_fs9.exe received on 2010.02.22 15:07:17 (UTC)
    Result: 4/41 (9.76%)

    (Video at the Websense URL above.)


  9. #69
    AplusWebMaster

    SEO poisoning galore - leads to rogue AV...

    FYI...

    SEO poisoning galore - leads to rogue AV...
    - http://sunbeltblog.blogspot.com/2010...l-but-its.html
    February 26, 2010 - "... a “green” hot water heater that might be a good addition to his Earth-friendly home... did a Web search for “GE geo spring water heater.” What he found wasn’t Earth or anything else-friendly! SEO poisoning galore... It’s the SecurityTool rogue* that has been making the rounds since October..."
    * http://rogueantispyware.blogspot.com...uritytool.html

    (Screenshots available at the Sunbeltblog URL above.)


  10. #70
    AplusWebMaster

    SEO Poisoning: Chile Earthquake

    FYI...

    Search Engine Poisoning: Chile Earthquake
    - http://isc.sans.org/diary.html?storyid=8317
    Last Updated: 2010-02-27 14:23:30 UTC - "You probably heard about the major earthquake in Chile happening last night. So have the malware writers engaged in search engine poisoning. Search Google for "Chile Earthquake" and you will find a number of malware sites like "Qooglesearch .com" on the first page. As regular charities start to use these keywords, the poisoned results may be pushed back a bit and show up under other related keywords. As usual, let us know if you find any odd sites related to this. So far the only thing I am seeing is the fake AV / malware push via search engine poisoning."

    - http://www.symantec.com/connect/blog...ogue-antivirus
    February 27, 2010 17:31

    Last edited by AplusWebMaster; 2010-02-28 at 05:21.
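
Added example, not part of the original posts or the quoted advisories: the ISC diary quoted in post #66 suggests watching DNS requests for the lookalike domain, which reappears in the Chile earthquake results in post #70. The Python below scans resolver logs for that domain and for one-character lookalikes of a brand name; the log format, the brand list and the sample lines are assumptions constructed for the example.

```python
import re

# Domain from the ISC diary entries quoted above (written there as "qooglesearch .com").
WATCHLIST = {"qooglesearch.com"}
# Assumption (not from the page): brand names to check for one-character lookalikes.
BRANDS = ("google",)
# Constructed log format for this example: "<time> <client-ip> <query-name> <type>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def on_watchlist(qname, watchlist=WATCHLIST):
    """True if qname is a watched domain or a subdomain of one (label-boundary match)."""
    return any(qname == d or qname.endswith("." + d) for d in watchlist)

def lookalike_of(qname, brands=BRANDS):
    """Return the brand that a label imitates with exactly one substituted character."""
    for label in qname.split("."):
        for brand in brands:
            n = len(brand)
            for i in range(len(label) - n + 1):
                if sum(a != b for a, b in zip(label[i:i + n], brand)) == 1:
                    return brand  # heuristic hit: needs analyst review
    return None

def scan(lines):
    """Return (client, qname, reason) for every suspicious query in the log."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash mid-log
        _, client, qname, _ = m.groups()
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if on_watchlist(qname):
            findings.append((client, qname, "watchlist"))
        elif (brand := lookalike_of(qname)) is not None:
            findings.append((client, qname, "lookalike:" + brand))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2010-02-15T20:31:02Z 10.0.0.23 qooglesearch.com A",
    "2010-02-15T20:31:05Z 10.0.0.23 WWW.Qooglesearch.com. A",
    "2010-02-15T20:32:10Z 10.0.0.41 www.google.com A",
    "2010-02-15T20:33:44Z 10.0.0.57 news.googie.example A",
    "truncated line",
]

if __name__ == "__main__":
    for client, qname, reason in scan(SAMPLE_LOG):
        print(f"{client}\t{qname}\t{reason}")
```

Watchlist hits identify clients that followed a poisoned result; lookalike hits are a heuristic and will also match ordinary words that sit one letter away from a brand name.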