Sunday, February 14, 2010

Malware Via Search Results

Cyber crooks are rigging the internet with booby-trapped blog commentary, chat rooms, email messages and websites, according to a Websense report released on Thursday.

Analysis of online threats during the second half of 2009 showed that 81 percent of email was rigged to deliver "malicious" code and 95 percent of comments posted to blog or chat forums were spam or links to nasty payloads.

Search Engine Optimisation (SEO) poisoning attacks were a favoured tactic, piggybacking on hot topics such as celebrity deaths or major disasters to lure people to websites designed to infect computers.

"It is pretty scary," said Websense security research manager Stephan Chenette. "Attackers have been moving in the same direction as Bing and Google with real-time search results."

The rival internet search engines have been improving results pages to feature fresh content such as Twitter posts in real time.

Complete control over rankings

Hackers use armies of infected computers referred to as "botnets" to host a plethora of bogus websites and swiftly lift links high into internet search results based on hot topics at any given moment, Chenette said.

"They use botnets nowadays to give them control over search engine rankings," Chenette said of hackers. "They are jumping on the band wagon of any big event; at a drop of a dime they can instruct botnets to run websites and raise those links high in searches."

Websense found that 13.7 percent of the time trick websites rigged with "malware" were included in the top 100 results for searches conducted using words from Yahoo! Buzz or Google Trend hot topics tracking services.

"Attackers are following every real-time event that is happening and changing, minute-by-minute, their rankings in Google search," Chenette said. "Attackers are as real time as any real-time search engine."

Websense gathered its data from a Threat Seeker Network that every hour scans more than 40 million Web sites for malicious code and nearly 10 million emails for nefarious content.

Trusted websites infected

A popular malicious payload is a "scareware" program designed to frighten people into paying to fix computer problems that don't exist.

Computer viruses also typically install code that lets hackers commandeer control of machines, adding them to botnets.

The number of malicious websites more than doubled from the second half of 2008 to the same six-month period last year, according to Websense.

Making matters worse, hackers are also increasingly planting viruses on websites people have grown to trust.

Approximately 71 percent of the websites found by Websense to have malware were legitimate websites that had been compromised without the operators' knowledge.

"It's almost as if you can't trust the sites you know," Chenette said.

Hackers are also combining tactics.

For example, recent cyber-attacks on some 30 firms including Google combined using trick emails and malicious software to invade company systems.

iAfrica

No comments:

Post a Comment