A Single Exploitable Website Capable of Tasks of Different Crime-gangs; Zscaler
Investigators from Zscaler claim to have uncovered that even one website with an exploit can prove helpful to several online-crime syndicates as each group modifies it for suiting specific purposes of their own.
Often, cyber-criminals hijack websites as also modify them so people accessing them can be taken onto domains capable of installing phony anti-viruses, an attack technique that of late is getting popular to yield the criminals handsome profits.
When cyber-crooks get hold over any target website, they apply BHSEO (Black-Hat Search Engine Optimization) tactic for driving visitor-traffic onto malevolent domains they already registered.
To explain BHSEO attacks, the Zscaler researchers said that there were 2 separate web-pages involved that were intended for separate audiences. One, apparently an innocuous spam page, targeted security scanners and Google-bot. This was done for obtaining the maximum returns possible, while having good rankings from Google, as also for eluding blacklists. The other, a redirect took audience onto a vicious URL, the researchers enumerated.
But, web-surfers can largely safeguard their computers from the above kinds of assaults if they merely apply plentiful commonsense in addition to effective security software. However, it's also necessary for website proprietors and operators to act appropriately such as at least regularly verify the websites for any probable unauthorized access, Zscaler suggests.
Several software products are also available with security agencies, which conduct automated inspections of domains, for determining the URLs' sanitization status, Zscaler adds.
Related article: A New "Blackmailing" Variant Creeps Around…
» SPAMfighter News - 03-05-2012