SEO Poisoning Infecting Google Videos
Security investigators from Trend Micro, an antivirus company, have warned that visual search results on Google are poisoned through a newly found trend. As many as 400,000 search attempts have given back hostile results connecting to malicious software.
The security company states that online miscreants have been employing the Blackhat SEO (Search Engine Optimization) techniques for longtime to corrupt search results by inserting malicious web content in them. However, this practice has lately become more popular, with more legitimate web services are exploited to spread malicious software as criminals take advantage of users' faith in their content.
According to Jake Soriano who is one of the people in charge of technical communications at Trend Micro, the new SEO poisoning proves that Internet search applications are fast becoming preferred bases for cyber criminals to carry out their operations, as reported by Softpedia on February 2, 2009.
Besides, the security analysts at the company have discovered a massive number of poisoned results connecting to hoax video-sharing utilities that spoof YouTube. The malevolent webpages are spreading a worm that Trend Micro has detected as WORM_AQPLAY.A. This worm disguises as an installer of Flash player known as FlashPlayer.v3.181.exe necessary for viewing the videos.
Moreover, once the installation is over, the worm starts to proliferate itself to other PCs through detachable devices like USB sticks where it plants fake autorun.inf files. This technique is another method of propagation that has made resurgence. It is believed that the technique greatly benefitted from the accomplishments of the notorious Conficker virus.
Another interesting aspect, as per the researchers at Trend Micro, is how surfers land on these hoax websites at the very outset. Researchers believe that the criminals group responsible for this malicious development is regulating and using a large number of rogue domains that possess keyword-riddled pages and therefore, appear as high-ranking search hits when surfers type in some specifically related phrases.
While Soriano suggests users to be extra cautious when visiting a search domain on account of the Blackhat SEO threats, other researchers have advised disabling the risky Windows Autorun feature when it is not required on the system.
» SPAMfighter News - 17-02-2009