Serena Williams Outburst Allows Hackers to Install Malware
A warning by Symantec security experts states that cyber crooks are exploiting Serena Williams' outburst at the US Open semi-finals to start off an SEO (Search Engine Optimization) campaign, which could make Web-surfers download malware.
As the video-clip, showing Williams flaring up at one of the judges, turning out a highly sought after online search item, cyber criminals have started compromising websites that emerged on search engines to distribute bogus anti-viruses.
Furthermore, keywords like 'Serena Williams Outburst' could land users on a deceitful website namely '''www.pixnet.com.'
Here Symantec cautions that although appearing as authentic, the domain actually is under hackers' control as they serve bogus antivirus scanners through it.
Hon Lau, Senior Security Response Manager at Symantec, said - unwitting surfers accessing the website will immediately find pop-up windows, giving alerts of different kinds of security threats, prior to being presented with the opportunity for downloading software, which can rectify them. But the software should be ignored since it was a bogus antivirus capable of harming computers, said Lau, as reported by Nzherald on September 15, 2009.
Lau continued that the attack, otherwise called SEO-poisoning, was just the strategy, which criminals applied for exploiting people's inquisitiveness.
Craig Schmugar, Senior Threat Researcher at McAfee, stated that compromising search engine results was a frequent tactic as attackers had become more skilled at setting up domains, which leveraged popular keywords, and Google had quickened at indexing web-pages, as reported by SCMagazine on September 14, 2009.
Moreover, the malware authors exploit Google Trends that compiles the 100 most widely-searched phrases of the day to figure out which terms are more suitable for poisoning.
However, this was a generic problem more than anything else because the criminals in most cases took advantage in any manner possible, Schmugar said and reported by SCMagazine.
Finally, Lau warns that though the attack is currently small, it indicates the danger of misleading applications, which might appear as genuine software, but in reality harvest users' personal information or scare them into paying for fake security software. Thus, it is advisable that users avoid such applications.
» SPAMfighter News - 03-10-2009