Cybercriminals Launching Black Hat SEO Campaigns on Korean Incident

Immediately after the world was notified regarding the artillery fire exchange among North and South Korea, black hat search engine optimization started taking the advantage of the incident by poisoning search related terms, as reported by Last Click News on November 23, 2010.

As per the reports, cybercrooks immediately poisoned all search queries related to the incident to circulate fake anti-virus program apart from the malware hidden as web browser updates and video codecs.

Security experts have found around nearly 12 infected domains on Google's top searches related to this incident. Few of the poisoned keywords include: North Korea attacks South Korea, Kim jong il, North Korea bombs South Korea, world war 3, Korean war, Korean news, and yeonpyeong island.

Scripts running in this malware circulation campaign utilize both pictures and trendy keywords to scrape text, presenting it in a way that is simply viewed by a search engine to help get a top ranking. Besides, they present it in a manner that will sound interesting to the humans, ultimately leading them to a malicious domain.

After a user gets redirected, and he uses Internet Explorer, his computer screen would be popped up with various fake anti-virus alerts and would be offered a download, which if installed, will cause numerous problems such as browser hijacking, slow performance, and loss of access to various parts of the computer.

While evaluating the recent BlackHat SEO attacks and the malicious domains, security experts stated that all domains were utilizing the same open source CMS software like, SMF and Joomla. In every instance, the software required an upgrade because of security patches.

Apart from the Korean incident, black hat SEO campaigns have also been launched for keywords related to various topics like, Miley Cyrus, Black Friday, and dancing with the Stars. Security experts have cautioned that every major incident or occurring provokes cybercriminals to launch such attacks. Primarily, cybercriminals take benefit of breaking news and trendy topics to get netizens click on spam e-mails or download malware.

Moreover, the users have been recommended that the best option to avoid such attacks is to stick to reliable news sources, and to search for more details only via Google News, which is protected from such kinds of information attacks.

Related article: Cheburgen.a: A New Email Worm

» SPAMfighter News - 12/3/2010