Hackers hijack web search results

Thursday, November 29, 2007

A huge campaign to poison web searches and trick people into visiting malicious websites has been thwarted.

The booby-trapped websites came up in search results for search terms such as "Christmas gifts" and "hospice".

Windows users falling for the trick risked having their machine hijacked and personal information plundered.

The criminals poisoned search results using thousands of domains set up to convince search index software they were serious sources of information.

Innocent victim

While computer security researchers have seen small-scale attempts to subvert search results before now, the sheer scale of this attack dwarfed all others.

"This was fairly epic," said Alex Eckelberry, head of Sunbelt Software - one of the firms that uncovered the attack.

Mr Eckelberry said tens of thousands of domains, many based in China and only a couple of days old, were used in the vanguard of the attack.

Websites loaded on these domains were booby-trapped with malicious software that looked for vulnerabilities in copies of Microsoft's Internet Explorer used to browse them.

The criminals who bought the domains convinced Google, MSN and Yahoo they were good and popular sources of information, said Mr Eckelberry, by using comment spam on blogs to push the pages up the search index rankings.

Sunbelt had discovered malicious sites connected with search terms such as "hospice", "cotton gin and its effect on slavery", "infinity" and many more.

"You could be searching for really innocuous things and get nailed," said Mr Eckelberry. "There was really nasty stuff in there."

"If there's any message from this I can scream from the rooftops it's make sure you patch your machine," he said.

Security firm Trend Micro also discovered a series of booby-trapped sites aimed at Christmas gift shoppers and those looking for information about many other innocent subjects.

"Some of the top rated hits are leading to the malicious sites," said Raimund Genes, chief technology officer at Trend Micro.

He speculated that the campaign was being waged by the Russian Business Network - a hi-tech criminal gang known to favour web-based attacks.

The booby-trapped websites were thought to be in operation for about 24 hours before Google began stripping them out of its search index. Some of the trapped websites are believed to be still turning up in searches carried out on Yahoo and MSN Live.

But, said Mr Eckelberry, this attack was likely to be a harbinger of many more.

"This is not going to go away," he said.

Source from: news.bbc.co.uk
