According to Symantec, criminals compromise web servers hosted by well-known hosting providers and infect them with malware that generates poisoned links by associating the domains of known compromised web hosts with search terms from Google Trends.
The criminals are able to push their results up higher in the Google results page by leveraging the fact that Google ranks search results of domains that are more ‘interconnected’ higher, according to Symantec.
Once you click their poisoned search results you are re-directed to a fake AV (antivirus) site. The goal, as ever, is to get their bogus software out to as many victims as possible, and the excitement around the World Cup presents a golden opportunity.
Fake web pages are often designed to look like the user interfaces of Windows XP, Vista and Windows 7. After the users run the fake scan, they are offered a file named packupdate[RANDOM NUMBER]_195.exe to eliminate the problems and malware that were allegedly present.
Symantec's researchers have noticed that search engines such as Google are doing a good job at flagging and filtering out poisoned search terms from their search results. However, football fans are warned to be careful when searching for official World Cup 2010 information and advised to stick to legitimate news sites.
No comments:
Post a Comment