Hackers Redirect Windows Live Search to Malicious Sites
Hackers have taken over Windows Live Search in Italy, according to some reports. Security experts at Sunbelt Software were taken to hackers' sites when they typed queries into the search engine, as reported by Pcpro.co.uk on March 8, 2007.
It appears that the malware creators have completely taken over the reins of Live Search in Italy. A huge 95% of the search results redirect to very nasty malicious code and exploit sites, wrote Alex Eckelberry, President of Sunbelt Software in a statement that Pcpro.co.uk published on March 8, 2007.
A similar issue confronted Google in the past, and now it is with Windows Live Search. The hackers have avoided interfering with Microsoft's servers; instead, they seem to use SEO tactics to capture the results emanating from specific keywords' searches. It has been found that searches like 'online multimedia encyclopedia', 'milan jacket', and 'online house insurance' present the surfer with a host of pungent sites.
According to the Symantec Security Response blog, the bad guys initially chose a large number of 'hot' keywords - words that related to everyone's utility or words that were popularly used on search engines.
The problem presently is that when a person searches a mixture of specific Italian keywords on the Windows Live portal, he or she will find a collection of unusual links within the search results. These unusual links were likely to establish relation with the Linkoptimizer gang (aka Gromozon), which perhaps imply the Gromozon gang managed to access and embezzle the Windows Live search results. They would manage to place their links in the beginning of the search results list, interpreted Elia Florio, engineer at Symantec Security Response in news that News.softpedia published on March 8, 2007.
Microsoft has still not been able to respond officially to the Gromozon gang's ability to manipulate the results that Live Search present in its hits by using a number of hot keywords.
Although Symantec has said that no domain actually host any malicious code currently, yet they are recording visitors' activities on the pages for the campaign's success could cause great concern.
Related article: Hackers Purloin Credit-Card Data From Wireless Networks
» SPAMfighter News - 20-03-2007