Malware writers exploit Google Trends

Malware distributors are taking advantage of Google Trends to earn top billing for their pages, according to security experts.

Researchers at McAfee's Avert Labs said that a number of malicious pages have seen their Trend ranking artificially enhanced so that the pages will be returned as top results for a number of Google searches.

McAfee senior threat researcher Craig Schmugar said that the malware writers appear to be using the Google service to find the most popular current search topics, then loading the pages with keywords and text to show up on result pages for those terms.

"One thing they are doing is to pull the content off the pages that are already ranked high, which makes it a little more transparent when you see the search results," said Schmugar.

After clicking on one of the malicious links, the user is redirected to a page which will attempt to exploit a three-year old vulnerability in Internet Explorer, as well as a number of fake 'alert' pop-ups designed to trick the user into installing rogue security software.

Schmugar suggests that users exercise extra caution when clicking on search results and avoid following links to unknown or suspicious domains.

Using Google Trends to place specially targeted malware attacks is not new. In October 2008 researchers warned that criminals could take advantage of the system. The latest attacks seem to confirm those fears.

"There was the notion that attackers were using Google Trends," Schmugar explained. "But this has been going on for at least several days, whereas before it was on a much smaller scale."