Search terms lead to compromised sites, Google cleans database

By

Beware when searching for presents this Christmas, cybercriminals have ramped up their Web attacks campaign using simple search terms such as “christmas gift shopping” to serve up compromised websites via search engines.

Search terms lead to compromised sites, Google cleans database
According to a Trend Micro blog entry yesterday, Ivan Macalintal wrote, when he searched for “christmas gift shopping” in Google the search engine listed several .cn URLs that led to malicious sites.

He warned: “Searching for the above phrases can lead you to the malicious URLs. Clicking on these URLs then takes you to another site via a JavaScript, eventually leading to the download and execution of a malware.”

One site was titled ‘Christmas card with girl on phone! Shopping for christmas gift' with the URL Zxzgpxltkxt.cn/1278.htm.

Furthermore, Macalintal said the sites have an IFRAME that redirects users and installs malware.

“Expect more new ones [malicious sites] to come our way this Christmas,” he warned.

Adam Biviano premium services manager at Trend Micro said the malware can be dished up in any search engine.

“There’s no reason why [the threat] shouldn’t be on other sites,” he said.

Asked what page the dubious sites appear on, Biviano said he didn't have specifics but speculated the attackers could be using SEO techniques that a web designer would use to get a high search engine rankings.

“Websites don’t appear on search engines overnight. They may have uploaded these sites months ago and then added malware,” Biviano said.

On Wednesday afternoon, a Google Australia spokesperson said the searches are now clean and stated: "Sites that exploit browser security holes to install software (such as malware, spyware, viruses, adware, and trojan horses) are in violation of the Google quality guidelines, and may be removed from Google's index."

"Google takes the security of our users very seriously, especially when it comes to malware,” the spokesperson said.

In a blog post on SunbeltBLOG on November 26, Alex Eckelberry signalled the initial warning of this trend and said "a large amount of seeded search results which lead to malware sites in Google have been noticed."

Eckelberry warned: “Clicking on these links will expose the user to exploits which will infect a vulnerable system (in other words, a system that is not fully up-to-date with the latest patches)."
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?