Posted on 10/03/2008 7:26:26 AM PDT by weegee
In an underground ecosystem that is anything but old fashioned when it comes to abusing legitimate web services, cybercriminals have started exploiting the traffic momentum, and by monitoring the peak traffic for popular search queries using Google Trends, are syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live Spaces.
According to a recent advisory issued by Webroot:
"For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day's most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign," said Paul Piccard, director of Threat Research, Webroot. "These highly relevant news stories and videos are being posted to the hackers' fake blogs to increase the sites' Google search rankings."
These fraudulent blogs contain several video links about the news story for which the users were originally searching. Once a user clicks on one of the video links, they are prompted to download a video codec that downloads a rogue antispyware program designed to goad the user into purchasing an illegitimate program that may put their personal information and data at even greater risk.
Let's take a sample, and confirm the ongoing syndication of popular keywords in order to attract traffic to the several hundred malware serving blogs.
A random keyword on fire like "gwen ifill wheelchair" indicates that 55 minutes ago a malware serving blog has been successfully crawled and is now appearing within the first 10 results thanks to the high page rank of Windows Live Spaces. Upon clicking the link, the user is exposed to the typical "ActiveX Object Error" message that is attempting to trick them into installing TrojanDownloader:Win32/Zlob.AMV with 10 out of 36 AV scanners currently detecting it (27.78%).
Moreover, in order to ensure that their fake blogs will get crawled in the shortest time frame possible so that they can better abuse the momentum peak of the search query, they're naturally taking advantage of the pre-registered blogs at popular blogging platforms which Google is crawling literally in real-time. Syndicating this particular keyword in order to serve malware is not an isolated event, with several hundred currently active blogs doing exactly the same as soon as Google Trends refreshes its hourly feed.
Malware campaigns have been taking advantage of pure SEO (search engine optimization), and mostly blackhat SEO techniques, during the entire 2008. The difference between the ongoing campaign and previous ones, is that the current approach has a higher probability of attracting generic search traffic since it's relying on the world's most popular search engine to tip them on what has the world been searching for during the past hour.
----
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.
Hackers destroyed the ability to use my website.
I got hit with that. It took me all day to figure out how to remove it from my system. I clicked on some political site and didn't do anything and the next thing I knew there was a new icon on my desktop and it basically hijacked my computer.
The scary thing was that it managed to find a way around my virus protection, which warns me whenever I try to download a program.
All your base are belong to us.
I have noticed that I really can’t click on the stuff in Google Trends, there is too much garbage. But monitoring the words is very enlightening.
Last night, I was more than pleased to see “exceptionalism” after Sarah’s debate.
I remember when Rush had a guest once, the name of the guest was number one on GT.
GT has depressed and relieved me on various occasions. But in all, it has given me a little more faith in the American people. I see they often DO pick up on an important issue, which you wouldn’t know from the MSM.
All your base are belong to us.
Sometimes it feels that way.
Then get yourself a Mac!
Then get yourself a Mac!
If you follow my other posts you will see that this hasn’t been my best day.
Stick your Mac where the sun don’t shine.
LOL, I got everything: Windoze, Linux, Apple...