Attackers Exploit Google Trends for ‘Spamdexing’

According to ScanSafe, spammers are taking advantage of people's growing interest in Conficker through Google Trends. They are utilizing people's interest to exploit various search websites.

The huge curiosity for the Conficker virus, amplified with the '60 Minutes report', has resulted in an ironic development. Although the 60 Minutes report's prediction of April1, 2009 to be doomsday was largely misguided, the report led a huge number of people to enter terms like "Virus April1" or "Conficker" in search engines.

As a result, spammers 'spamdexed' (a term referred to search engine corruption) the particular search terms. Often attackers manipulate keywords on search engines to serve links that lead to fake websites delivering malware.

Therefore, if a trustworthy website is hacked, very often its pages would be manipulated or new pages would be added to include content or links that would push up the ranking of those undesirable or malicious pages. Since the attackers happen to control those pages, they can change the keyword terms and associated links as per their whims.

Moreover, attackers, utilizing Google Trends as well as popular search phrases such as "Virus April 1" or "Conficker", can easily measure the prevailing interest level. Subsequently, they can leverage that interest for the related subject to inject links that would connect to malicious sites whenever searches are done on that subject.

Furthermore, search for Conficker increased enormously from March 29, 2009 with a further rise on March 30 and 31, 2009. A majority of the searches related to the Conficker worm emanated from the US, Canada and Indonesia, according to Mary Landesman, Senior Security Researcher at ScanSafe, as reported by SCMagazine on April 2, 2009.

Ms. Landesman further said that everything the spammers were doing was very unfortunate. What's more, she believes that reports of attacks because of search engine corruption and spamdexing could lead to an absence of faith and loss of trustworthiness for security vendors.

Nevertheless, in the current case of search engine poisoning because of Conficker, threat reporting means another consequence. People's growing interest in the worm raise the risk for computer users to get infected with malware.

Related article: Attackers Use Another ‘Word Flaw’ To Plant Trojan

» SPAMfighter News - 4/10/2009