If last November you googled one of thousands of innocuous and common search terms, such as " Microsoft excel to access " or " how to teach your dogs to fetch " you were in line for an internet attack that infects PC's with spam senders, password stealers, and other kinds of nasty malware.
Beginning on November 24 and continuing for less than a week, bad guys loaded up more than 40,000 Web pages with malicious software and thousands of common search terms. They then employed an automated network of malware- infected computers, known as a botnet, to link to those sites in blog-comment spam and other places. The mentions elevated the position of the poisoned sites in search results, often to the first page.
CLICK HERE FOR FREE ATTACK.
The malicious sites had no useful information. instead, a simple click on a link to such a site in the search results was enough to launch attacks against your PC. If the attack found any of a number of vulnerabilities in a range of programs, it would load. " This was a massive wave," says Alex Eckelberry. The attack marks a new level of sophistication, using multiple techniques to raise site visibility in search results and deliver malware to a mass audience.
Sunbelt researcher Adam Thomas happened upon the attack when he ran a search of " netgear Prosafe DD-WRT " for router firmware. His trained eye saw a suspicious looking result on the first page. More research and digging on other phrases turned up the vast array of attack sites ( find pcworld.com/59511) None of the sites from this wave, or a smaller follow up group, appear now on Google, and Eckelberry believes the search giant has blocked those specific domains.
GAME ON: GOOGLE BOMBED.
This massive attack had three notable features that point to the sophistication and planning behind it. The first is the culprits use of botnets to push a dark form of SEO ( search-engine-optimization), called a "Google bomb," to boost their sites Google ranking. " They did an extraordinary job optimizing the search results using the bots." Second, the poisoned sites carried JavaScript code on their pages designed to stop visitors coming via other search engines from being attacked, only visitors who came through a Google search were hit.
This trick was a way of flipping the finger at Google. Experts don't know the motive behind directing the attacks at Google users, but online crooks have targeted specific sites and companies in the past when they felt threatened. Google recently launched an online form for reporting a site that Web users believe might contain malware. Third, the manipulated pages carried code that kept the attack sites from appearing in results if the entered search term included certain expressions that security researchers commonly use.
Despite Googles steps to eliminate the impact of comment spam on its search result rankings, the use of SEO techniques is growing in the online criminal underground. And bad guys don't employ the trick just to infect people's PCs. WhiteHat Security chief Jeremiah Grossman says that whoever hacked Al Gore's Web site recently added a link that could be seen only in the sites source code. The link which pointed to an online pharmacy site, was designed to give the drug more relevance. According to underground contacts, the top result for " buy Viagra online " is worth about $50,000 a month.
How to search Safely.
Though this attack was crafty and effective, security experts say ther's no need to stop using Google, as long as you take some precautions. Most important: Keep your software patched and up to date. The attack sites used a programming kit called " 404 exploit framework ", which hits known software vulnerabilities. You can close most of the targeted holes by enabling the automatic update features for microsoft windows, mozilla firefox, Apple Quicktime, and other critical software, but you should also update to the latest version of WinZip, a targeted program that doesn't have an auto-update feature.
Keep a close eye on what you click on, too, and you'll keep search paranoia at bay.
|
