Hackers step up search results attack

By
Follow google news

A malware attack targeting search engine results is continuing to haunt several high-profile sites..

Hackers step up search results attack
The attack uses the common cross-site scripting practice of embedding pages with small IFrame tags which redirect the user to a malicious page on a third-party site.

Researchers claimed that the latest attack is unique in that it targets search engine results.

The hackers have compromised search result pages, using search engine optimisation techniques to hijack search results and send users to sites which host malicious downloads.

Among the sites said to be compromised are major news outlets ABC, USAToday and Forbes, and retailers Wal-Mart, Target and Sears.

Security researcher Dancho Danchev said in a blog posting that the attacks have been lingering on the web for more than two weeks, despite efforts by Google to delete infected pages from its cache.

Danchev estimates that up to one million different search queries will lead users to the infected pages.

Administrators can protect against the attack by plugging the input validation vulnerabilities used to seed the malicious code within the pages.

But Danchev does not see the attacks slowing down anytime soon. "We are definitely going to see many other sites with high page ranks targeted by a single search engine results poisoning in combination with IFrame injections," he wrote.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
attackhackersresultssearchsecuritystepup

Sponsored Whitepapers

The future of resilience: AI-Driven dynamic storage
The future of resilience: AI-Driven dynamic storage
Stop Hiring Like It’s 2025: AI-Augmented Cybersecurity Performance Data Every CISO Needs
Stop Hiring Like It’s 2025: AI-Augmented Cybersecurity Performance Data Every CISO Needs
5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Events

Most Read Articles

Dead cars tell tales by storing data that's never wiped

Dead cars tell tales by storing data that's never wiped
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
FBI remotely patched privately-owned routers to evict Russian GRU spies

FBI remotely patched privately-owned routers to evict Russian GRU spies
AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks

AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?