Search terms lead to compromised sites, Google cleans database

By

Beware when searching for presents this Christmas, cybercriminals have ramped up their Web attacks campaign using simple search terms such as “christmas gift shopping” to serve up compromised websites via search engines.

Search terms lead to compromised sites, Google cleans database
According to a Trend Micro blog entry yesterday, Ivan Macalintal wrote, when he searched for “christmas gift shopping” in Google the search engine listed several .cn URLs that led to malicious sites.

He warned: “Searching for the above phrases can lead you to the malicious URLs. Clicking on these URLs then takes you to another site via a JavaScript, eventually leading to the download and execution of a malware.”

One site was titled ‘Christmas card with girl on phone! Shopping for christmas gift' with the URL Zxzgpxltkxt.cn/1278.htm.

Furthermore, Macalintal said the sites have an IFRAME that redirects users and installs malware.

“Expect more new ones [malicious sites] to come our way this Christmas,” he warned.

Adam Biviano premium services manager at Trend Micro said the malware can be dished up in any search engine.

“There’s no reason why [the threat] shouldn’t be on other sites,” he said.

Asked what page the dubious sites appear on, Biviano said he didn't have specifics but speculated the attackers could be using SEO techniques that a web designer would use to get a high search engine rankings.

“Websites don’t appear on search engines overnight. They may have uploaded these sites months ago and then added malware,” Biviano said.

On Wednesday afternoon, a Google Australia spokesperson said the searches are now clean and stated: "Sites that exploit browser security holes to install software (such as malware, spyware, viruses, adware, and trojan horses) are in violation of the Google quality guidelines, and may be removed from Google's index."

"Google takes the security of our users very seriously, especially when it comes to malware,” the spokesperson said.

In a blog post on SunbeltBLOG on November 26, Alex Eckelberry signalled the initial warning of this trend and said "a large amount of seeded search results which lead to malware sites in Google have been noticed."

Eckelberry warned: “Clicking on these links will expose the user to exploits which will infect a vulnerable system (in other words, a system that is not fully up-to-date with the latest patches)."
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
securityseoweb threats

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?