Google, Yahoo, and Microsoft MSN have unwittingly become the delivery engine for malware attacks. According to blog posts by Search Engine Journal and SunBelt Software, attackers are elevating the search result positioning of malware laced sites by populating web forms on large numbers of web sites with the malicious URLs. Using bots to accomplish the task, this elevates the rankings, meaning users unknowingly receive search results that may have links to infected sites. After clicking the link they are attacked and infected with a large variety of attacks. Here's an excerpt from the Search Engine Journal:
Hundreds of legitimate search phrases have already been found to pull up links near the top of the results listings that lead straight to the malicius sites. According to Sunbelt Software, they've already found 27 different domains, each containing up to 1,499 bad pages. That's about 40,000 potential pages, which is a pretty big number.
Security threats are like water; they travel the path of least resistance that follows gravity. Phishing has long been the avenue of attackers to gain an unfair advantage over unsuspecting end users. With the pervasiveness of search engine use, search engines are the watering hole of the Internet which everyone frequents. Infect the water supply and you broaden the net of potential victims.
If the problem becomes pervasive enough it could damage end users' trust in search engines. Retention of search results for commercial use, use by law enforcement, or just leaving an unwanted trail of tell tale search phrases has been a sticking issue for end users. I doubt the infected search results problem will lead to widespread mistrust as Google and others will modify their indexing and prioritization algorithms to avoid serving up infected sites.
What should you do? Make sure you have your AV and other operating system and browser malware software installed and up to date. If you have a site with a web form for comments and such, make sure it requires the end user enter a text string from a displayed graphic to help stop the bots. And don't click on search results without first checking out the link to see if it might contain something suspicious.
Like this? Here are more recent posts.
Virtualization Center - You heard it here first
Microsoft captures early momentum of Verizon's "open" wireless network
Our World is Gonna Change Again
Oracle Virtual Server Preaching to the Choir
Microsoft security "process" trumps Open Source "many eyes"Visit Microsoft Subnet for more news, blogs, opinion from around the Web.
Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Latest software headlines from Network World:
Google under pressure as App Engine requests rise
ISO approves PDF as an international standard
Mozilla's Firefox 3 sets geeky world record
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
