Malicious Search Results for Polish President Plane Crash
Security Analysts stated that for circulating malware hackers are now taking advantage of the news related to the death of Polish President Lech Kaczynski, as per the news published by Webuser on April 12, 2010.
As the world got to know about the unfortunate news of the plane crash which includes Polish citizens and their President, blackhat SEO scammers worked quite hard. Search results for terms like 'Poland plane crash' were in use by hackers to spread bogus antivirus software, otherwise called scareware.
Experts stated that the SEO method enable the hackers to push specially-designed sites up the search rankings, and when the web users find themselves on the corrupt websites, they see messages informing them that their system is infected.
A security analyst for ParetoLogic, Jerome Segura, disclosed on his malware Diaries blog that Google search results were hit with malicious links immediately after the tragic news, as per the reports by Webuser on April 12, 2010.
Segura stated that nowadays searching for hot news items with Google or Bing search has become risky. It is better to directly visit news sites or use the News page of the search engine.
Security analysts said that hackers lure victims to specially designed sites by putting several keywords onto web pages, which they often chose from the terms that are related to current events.
Therefore, as per security analysts, any Google search regarding this tragedy will be infected with harmful links. The first page of results and the following pages are also inserted with fake links. All the links have something in common the domain / a php page / the keywords.
Some of them are marked by Google ("This site may harm your computer"), but not all. Also, security analysts stated that the users are redirected to a phony AV website that tries to push a rogue application on the user's system.
So, security analysts advised that instead of using the main search facility of the search engine, users should directly go to news sites that they trust.
Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected
» SPAMfighter News - 21-04-2010