Security Researchers Discover Google Images BHSEO Campaign
Security researchers at Webroot (a firm that develops various anti-malware products) have intercepted a new Google Images Black Hat Search Engine Optimization (BHSEO) campaign.
It is worth noting that BHSEO campaigns are one of the most common methods of malware distribution on the Internet. The technique involves artificially inflating the PageRank of malicious websites to push them onto the first page of search results for keywords related to current events.
One of the Webroot security researchers found that Google Images results (connected to a map of the US) were leading Web users to various pages hosting a rogue antivirus installer from the Security Tool family of fraudulent products.
The most striking feature of the attack is its browser awareness, said the security firm. The researchers tested the infected search results using five different browsers, namely Safari 5, Internet Explorer 6 and 8, Firefox and Google Chrome.
The researcher found that the first redirect script was meant to ascertain the visitor's browser. On the basis of the result, victims were directed to a landing page made especially for their browser.
For instance, IE users were taken to a page that displayed an antivirus scan animation and showed bogus security alerts regarding fictitious infections. This was purposefully done to trick IE users into installing a scareware application that presents itself as an anti-malware program.
Mozilla Firefox users were directed to a fake "whatsnew" page. The genuine page is displayed after a successful Firefox update, and the researchers noted that they had come across several malware-spreading efforts that used fake copies of it to deceive users. In the present case, the page installs scareware with a different MD5 hash each time it is refreshed, which was also quite unusual.
Users of Safari and Google Chrome landed on pages that used a Flash Player update lure. The two pages differed slightly in their display, but both showed an ActiveX-style warning. This is quite ironic because neither browser supports ActiveX.
As a result, experts have advised netizens to install good quality Internet security software to avoid these scareware campaigns.
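The two traits described above, a redirect that varies by browser and an installer whose MD5 changes on every request, can be hunted for in web proxy logs. The following Python code is an added example, not code from Webroot or from this article; the log layout, user-agent strings, hostnames and hashes are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

# Constructed, simplified user-agent strings.
IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
FIREFOX = "Mozilla/5.0 (Windows NT 6.1; rv:3.6) Gecko/20100401 Firefox/3.6"
CHROME = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/533.4 Chrome/5.0 Safari/533.4"

# Constructed proxy records, not data from the report:
# (user agent, requested URL, redirect target or None, MD5 of body or None)
SAMPLE_LOG = [
    (IE8, "http://redir.example/go", "http://land.example/scan", None),
    (FIREFOX, "http://redir.example/go", "http://land.example/whatsnew", None),
    (CHROME, "http://redir.example/go", "http://land.example/flash", None),
    (IE8, "http://short.example/a1", "http://news.example/story", None),
    (CHROME, "http://short.example/a1", "http://news.example/story", None),
    (FIREFOX, "http://land.example/setup.exe", None, md5_hex(b"constructed build 1")),
    (FIREFOX, "http://land.example/setup.exe", None, md5_hex(b"constructed build 2")),
    (IE8, "http://vendor.example/tool.exe", None, md5_hex(b"constructed stable")),
    (CHROME, "http://vendor.example/tool.exe", None, md5_hex(b"constructed stable")),
]

def browser_family(ua):
    # Chrome user agents also contain "Safari", so Chrome is tested first.
    for token, family in (("MSIE", "ie"), ("Firefox", "firefox"),
                          ("Chrome", "chrome"), ("Safari", "safari")):
        if token in ua:
            return family
    return "other"

def browser_aware_redirectors(log):
    """Return URLs whose redirect target differs between browser families."""
    seen = defaultdict(lambda: defaultdict(set))
    for ua, url, target, _ in log:
        if target:
            seen[url][browser_family(ua)].add(target)
    return {url: {fam: sorted(t) for fam, t in fams.items()}
            for url, fams in seen.items()
            if len({frozenset(t) for t in fams.values()}) > 1}

def polymorphic_downloads(log, min_hashes=2):
    """Return URLs that served bodies with different hashes on repeat requests."""
    hashes = defaultdict(set)
    for _, url, _, digest in log:
        if digest:
            hashes[url].add(digest)
    return {u: sorted(h) for u, h in hashes.items() if len(h) >= min_hashes}
```

Both results are triage signals rather than verdicts, since legitimate sites also redirect by browser and some legitimate installers are built per download.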
» SPAMfighter News - 17-08-2010