Hackers target search terms on top search engines
Hackers have started on an organized
attack on major search engines with
innumerable keywords resulting in
search results that point to malicious
Web sites. Once clicked, the sites
will cause a download of Trojans, key
loggers, or elicit bogus clicks.
Simply put, damn near any Google
search term–even terms like “hospice”–
can take you to one of these malware
sites. Computerworld quotes Sunbelt
Software CEO Alex Eckelberry as
saying “this is huge.” I’m inclined to
agree, especially considering
Eckelberry’s inventory: “27 different
domains, each with up to 1,499
[malicious] pages. That’s 40,000
possible pages.”
The malicious sites seem to have made
it to the top of the results via
comment, blog spam, and rigging Web
pages with keywords solely for the
purpose of making it to the top list.
The malicious attacks were brought
into focus by security researcher Adam
Thomas of anti-spyware company Sunbelt
Software. The malware from the sites
make use of an iFrame exploit in IE
and also result in the downloading of
Trojans and keyloggers.
Search engines have begun purging the
malicious links from their indexes.
Ranking systems at search engines are
based on proprietary algorithms that
are tuned to avoid bogus links, but
the question remains whether present
day techniques are sufficient to avoid
organized large-scale malicious
attacks in the future.
