Thursday, January 31, 2008

Hackers Rig Google to Deliver Malware


The latest malware trend should prompt you to think twice about the links you click next time you search.


Erik Larkin, PC World
Monday, January 28, 2008 12:00 PM PST


If last November you googled one of thousands of innocuous and common search terms, such as "Microsoft excel to access" or "how to teach your dogs to fetch," you were in line for an Internet attack that infects PCs with spam senders, password stealers, and other kinds of nasty malware.

Beginning on November 24 and continuing for less than a week, bad guys loaded up more than 40,000 Web pages with malicious software and thousands of common search terms. They then employed an automated network of malware-infected computers--known as a botnet--to link to those sites in blog-comment spam and other places. The mentions elevated the position of the poisoned sites in search results, often to the first page.

"Click Here for Free Attack"

The malicious sites had no useful information. Instead, a simple click on a link to such a site in the search results was enough to launch attacks against your PC. If the attack found any of a number of vulnerabilities in a range of programs, it would load.

"This was a massive wave," says Alex Eckelberry, president and CEO of security firm Sunbelt Software. Read more

No comments: