Search Engines Used to Push Traffic to Malware Sites
SunbeltBlog is reporting a sizable operation to spread malware by luring search engine visitors to sites hosting malware. Sunbelt has a list of 12 pages of search terms (.pdf) that can lead to malware hosting sites. The sites use fake codecs and iFrame exploits to push the malware. Some of the sites listed in one SunbeltBlog example are no longer showing up in the top 20 Google results.
ComputerWorld is also commenting on the story:
Users searching Google, Yahoo, Microsoft Live Search and other engines with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn dial in" to the heart-tugging "how to teach a dog to play fetch" -- will see links near the top of the results listings that lead directly to malicious sites hosting a mountain of malware. "This is huge," said Alex Eckelberry, Sunbelt Software's CEO. "So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."
and
"They get themselves on to Google, then redirect people to their malware pages," said Eckelberry. Most users wouldn't suspect anything's amiss with the rogue results, although the ultra-wary might be suspicious because many of the malicious URLs are just a jumble of characters, with China's .cn top-level domain at their ends.
If patches aren't up to date, now would be a good time to get them updated. All the malware seen so far on these sites is known to security vendors, so patched systems shouldn't have too many problems (?).



