Attackers Using Google Image Search to Distribute Malware (quit browser with Ctrl-Alt-Delete)

PC World ^ | May 6, 2011 | Ed Oswald

[decimon]

Attackers are now using Google's image search to distributed malware, security experts say. Thousands of sites have reportedly been compromised by code injection--the malicious code redirects users to fake antivirus applications.

Internet Storm Center researcher Bojan Zdrnja writes that the attackers are mostly targeting Wordpress sites, and are injecting PHP code that generates pages with images based on highly-searched content. Google then indexes these pages, and the images show up on Google's image search.

>

What can you do in the meantime to protect yourself if you feel that you have visited a malicious site via Google Images? Security experts recommend not trying to click your way out of it. Instead, quit the browser application using Ctrl-Alt-Delete.

[decimon]

Ping

[KoRn]

Right clicking on your Windows Taskbar and then clicking on ‘Start Task Manager’ is faster, and works much better than using the keyboard, IMO. Most ‘good’ infections disable the Windows task manager anyway, or they disguise their processes to make them an unlikely target for termination by the user.

[cripplecreek]

BING

[decimon]

Right clicking on your Windows Taskbar and then clicking on ‘Start Task Manager’ is faster, and works much better than using the keyboard, IMO. Most ‘good’ infections disable the Windows task manager anyway, or they disguise their processes to make them an unlikely target for termination by the user.

I think the hope here is that you get out of the browser before you're infected.

[Cheetahcat]

Absolutely, sound advice ,use the task manager!

[decimon]

BING

Cherry or Crosby?

[Psycho_Bunny]

This has been going on for months and the “techblog” community has been strangely silent about it. Google’s done a piss-poor job dealing with it.

If you use “Restore last session” on your browser, you have to kill the page before it loads when you restart.

It’s pretty easy because the malicious page was the last page that was opened, and thus the last page to load.

[cripplecreek]

Dave?

[decimon]

If you use “Restore last session” on your browser, you have to kill the page before it loads when you restart.

It’s pretty easy because the malicious page was the last page that was opened, and thus the last page to load.

Good point. So, go offline, restart the browser and kill the windows, no?

[sbMKE]

It’s very bad - I lost a hard drive to a virus I picked up while using Google to prove that Queen Elizabeth is on Canadian paper dollars.

“Queen Elizabeth canadian money” brought me down.

Thanks Google.

[FrankR]

I used Google images a lot, and I have hit a few that won’t let you “back” out without going up to the back arrow, dropping the box down and going back a few pages from the list...but no virus yet.

[decimon]

...but no virus yet.

How do you know?

[FrankR]

virus checker

[dainbramaged]

My computer was infected the other day by a trojan/malware thing calling itself “windows security center”. Everything locked up so I pulled the DSL modem line and hit the kill switch, had it repaired remotely by geeks on site and all seems to be skookum for now.

[gop4lyf]

Hey, cool tip! I would have never thought of that. I am always ctrl alt del to see how much memory firefox is using and your tip is way faster.

[Sir Gawain]

Happened to me yesterday while searching for album covers for my ITunes songs. I killed the process but Firefox was already compromised. GoBack saved me once again, and I reverted my hard drive to an hour prior. I highly recommend a tool like GoBack that loads before Windows boots and creates restore points automatically.

[Sir Gawain]

Yeah I killed the process but Firefox wouldn’t restart.

[ProtectOurFreedom]

“skookum”

I guess that is either really really bad. Or maybe really good.

[dainbramaged]

It’s good - http://en.wikipedia.org/wiki/Skookum