Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

‘Massive’ malware barrage poisoning search sites

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Latest Breaking News Donate to DU
 
swag Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-28-07 10:39 AM
Original message
‘Massive’ malware barrage poisoning search sites
Source: SearchSecurity.com

Those using Google, Yahoo! and other search engines face a new danger according to the folks at Sunbelt Software: seeded search results that will redirect the user to sites rigged with malware.

The Sunbelt blog describes tens of thousands of individual pages its researchers found that have been meticulously created with the goal of obtaining high search engine ranking. Just about any search term you can think of can be found in these pages, wrote Sunbelt researcher Adam Thomas.

. . .

“With Scam.Iwin, the victim’s computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker’s URLs without the user’s knowledge,” Thomas said. “The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the Internet.”

Scam.Iwin is also used to load malware for other groups, he noted. One such group is associated with the notorious RBN (Russia Business Network).


Read more: http://security.blogs.techtarget.com/2007/11/28/massive...



Note: this seems to have hit critical mass this week, with tons of incidents being reported.
Printer Friendly | Permalink |  | Top
Bitwit1234 Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-28-07 10:50 AM
Response to Original message
1. Answer this question for me
What do you mean by pay per click. If I go to a site, and click on to an ad or what. If I go to the site and click on to a subject is that the same. I want to know the difference to be prepared.
Printer Friendly | Permalink |  | Top
 
dlfuller Donating Member (81 posts) Send PM | Profile | Ignore Wed Nov-28-07 11:15 AM
Response to Reply #1
2. pay per click
Typically pay per click relates to:

Ads on a website, that when you select (click) them, provide revenue to the web site's owner for the referral, from the ad's sponsor or owner.

This could also be used as well when you simply view a web page that has ads already displayed, the web site could log page views and report them as views (traffic) for revenue.

If you use Firefox with NoScript and Adblock plugins active you will defeat most ads or redirects.

Dave
Printer Friendly | Permalink |  | Top
 
swag Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-28-07 11:21 AM
Response to Original message
3. This report is a bit better:
http://www.pcworld.com/businesscenter/article/139999/se...
A large-scale, coordinated campaign to steer users toward malware-spewing Web sites from Google search results is under way, security researchers said Tuesday.

Users searching Google with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn dial in" to the heart-tugging "how to teach a dog to play fetch" -- will see links near the top of the results listings that lead directly to malicious sites hosting a mountain of malware. "This is huge," said Alex Eckelberry, Sunbelt Software's CEO. "So far we've found 27 different domains, each with up to 1,499 pages. That's 40,000 possible pages."

Those pages have had their Google ranking boosted by crooked tactics that include "comment spam" and "blog spam," where bots inundate the comment areas of sites with links or mass large numbers of them as bogus blog posts. Attackers may be using bots to plug links into any Web form that requests a URL, added Sunbelt malware researcher Adam Thomas.

There's no evidence that the criminals bought Google search keywords, however, nor that they've compromised legitimate sites. Instead, they've gamed Google's ranking system and registered their own sites.

"They get themselves on to Google, then redirect people to their malware pages," said Eckelberry. Most users wouldn't suspect anything's amiss with the rogue results, although the ultra-wary might be suspicious because many of the malicious URLs are just a jumble of characters, with China's .cn top-level domain at their ends.


. . .
Printer Friendly | Permalink |  | Top
 
kineneb Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-28-07 12:16 PM
Response to Original message
4. which OS does this affect?
...running Linux (Kubuntu) here...
Printer Friendly | Permalink |  | Top
 
bemildred Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Nov-28-07 01:11 PM
Response to Reply #4
5. Sounds like the malware would be WIndoze, but there are no guarantees.
The web part would not be OS specific. The rec above for Firefox+NoScript+Adblocking is a good one.
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Sat Apr 19th 2014, 11:42 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Latest Breaking News Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC