Researchers Traced New Malicious Drive

Researchers at security firm 'eSoft' have been following a latest campaign launched by cybercriminals of infecting and creating websites to be used in SEO (search engine optimization) poisoning as well as malware distribution.

According to eSoft, the attack mainly relies on a website referrer, or user-agent, that allows cybercriminals to effectually raise their search engine ranking while hiding their malicious intentions.

SEO adapted content will be served to Google as well as other search engine bots to compromise search results and attract Web traffic. The content makes intelligent use of a blend of text and images extracted from different websites.

Users visiting these pages through search on Google or other search engines are exposed to a huge risk. During the period of monitoring, eSoft has observed these pages delivering fake anti-virus, redirecting to bogus pharmacies, fake search webpages, etc.

Moreover, majority of websites involved in this scam host a Red Button flash file, which suggests a compromise. Although nothing malicious is immediately seen on offering a click to the red button, these pages are a placeholder for the attackers. The character of these pages gets changed depending on the way of referencing them, and they could infect the users' PC with malware anytime.

Senior Director of development at security firm Symantec, Kevin Hogan stated that blackhat SEO techniques are nothing new, and it is being tracked by security researchers as a key vector for fake anti-virus infections, reported itweb.co.za in the final week of June 2010.

Moreover, according to Nicolas Brulez, senior malware researcher at another security firm Kaspersky, blackhat SEO techniques are famous for pushing rogue anti-virus programs, but there's no trend that confirms that they push other type of malware also, reported itweb.co.za in the last week of June 2010.

Few months back in March 2010, a research paper from security firm Sophos highlighted that although SEO triggered malware distribution may appear difficult to block due to the apparent legitimacy of SEO webpages, there do exist some effective measures which can help users protect themselves, such as using a reputed vendor's anti-malware software.

Related article: Researchers Urge Caution against phishing Scams

» SPAMfighter News - 7/12/2010