Democrats.org Hacked to Deliver Malware
In a new trend of attack, hackers are exploiting search engine results to entice surfers into visiting malicious websites and thereby spreading malware. Recently, researchers at security company McAfee have said that the official website, Democrats.org, of US Democrat National Party (DNP) that enjoys Google's trust is under the control of cyber criminals who have used it to distribute malware and spam through search results.
Criminals have been able to get their sites among the top ranks within the search results merely by creating a blog on the website of the Democratic National Committee associated with DNP and then have embedded a bogus URL in it. It is worth noting that this high-ranking website enjoys the features of a public blog that permits anybody to create a blog along with posting his desired content.
Security researchers also reveal that from the last several months, cyber crooks are employing the search result technique to enhance the chances of the appearance of their rogue links on Google searchers.
Meanwhile, the researchers attribute the growing use of this tactic to the adoption of Web 2.0 standards such as the popular user-generated content by organizations. The con artists take advantage of this standard's openness. They employ a method known as parasite hosting in which they exploit the good name of a website featuring user generated content to divert its visitors to their own malicious sites.
Moreover, sometimes Google returns a result in response for a term searched, with a corrupt link and also places it on its higher rankings. Furthermore, the researchers found that such terms indeed appeared among the 100 highest search terms on Google for a short period.
Meanwhile, Facebook and Twitter have been massively attacked, and since Google acknowledges the veracity of both the websites and therefore places them on its higher rankings, Google's search hits have become a source for mining malware.
Security researchers have commented that while blog spam makes a significant effect, it emphasizes the importance of web security when the role of user generated content in Web 2.0 is poisoned. Besides the community, it affects the Web considerably.
» SPAMfighter News - 20-03-2009