In Brief
PC World: Hackers Rig Google to Deliver Malware
Attack infects PCs with spam senders, password stealers, and other kinds of nasty malware
By Erik Larkin, PC World
Third, the manipulated pages carried code that kept the attack sites from appearing in results if the entered search term included certain expressions that security researchers commonly use. For example, Eckelberry had recently written about using "inurl" and "site," two of the singled-out terms.
Despite Google’s steps to eliminate the impact of comment spam on its search result rankings, the use of SEO techniques is growing in the online criminal underground. And bad guys don’t employ the trick just to infect people’s PCs. WhiteHat Security chief Jeremiah Grossman says that whoever hacked Al Gore’s Web site recently added a link that could be seen only in the site’s source code.
The link, which pointed to an online pharmacy site, was designed to give the drug site more relevance. Grossman says that, according to underground contacts, the top result for "buy Viagra online" is worth about $50,000 a month.
How to Search Safely
Though this attack was crafty and effective, security experts say there’s no need to stop using Google, as long as you take some precautions. Most important: Keep your software patched and up-to-date. The attack sites used a programming kit called the "404 exploit framework," which hits known software vulnerabilities, says Roger Thompson, president of security software maker Exploit Prevention Labs. You can close most of the targeted holes by enabling the automatic-update features for Microsoft Windows, Mozilla Firefox, Apple QuickTime, and other critical software, but you should also update to the latest version of WinZip, a targeted program that doesn’t have an auto-update feature.
And don’t let your guard down just because your software is current. Attack sites will often employ social-engineering tricks when they can’t worm into your PC through software holes. On its blog, Sunbelt provides an image of a common attack pop-up that attempts to trick you into installing a fake video codec that then tries to exploit a vulnerable PC. Your sharp eye can also catch many of these bogus results before you click. Watch for seemingly garbled text such as "vpn passthrough sting maphack light Motorola" in the text snippet shown for each search result. If the listing is for an oddly named page such as "leuwusxrijke.cn/769.html," it could very well be a land mine.
Free downloads such as McAfee’s SiteAdvisor and Exploit Prevention Labs’ LinkScanner Lite identify potentially dangerous search results with small icons. And the leading commercial security software suites offer browser protection. Keep a close eye on what you click on, too, and you’ll keep search paranoia at bay, as Eckelberry has. "I’m a Google fanatic," he says. "I haven’t stopped using Google because of this."
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Log Management in a Cyber World
- Implementing Best Practices for Web 2.0 Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
