
Internet Searches - Massive # of sites redirecting to malicious sites

Sunbelt posted this cautionary note today noting that folks should be careful when selecting links provided from an Internet search. One theory for the seeding might be malicious links posted in blogs, forums or other community sources? Given the dangers of email and hostile URLs, it's important for folks to stay as up-to-date as possible on security patches, AV protection, and old-fashioned common sense.

BREAKING: Massive amounts of malware redirects in searches
http://sunbeltblog.blogspot.com/2007/11/breaking-massive-amounts-of-malware.html

QUOTE: We’re seeing a large amount of seeded search results which lead to malware sites. These are using common, innocent terms — one researcher landed on a malware site through searching for alternate firmware for a router.
5 Replies

RE: Internet Searches - Massive # of sites redirecting to malicious sites

This post by a fellow MVP shares what to be on the lookout for:

http://msmvps.com/blogs/spywaresucks/archive/2007/11/27/1359221.aspx

QUOTE: Take a close look at the URLs for the malware links; they are all random collections of letters and numbers, and they're all Chinese domains. Users of Google (and other web search engines) need to pay close attention to the links that are being offered, and avoid anything that just doesn't look right, and certainly avoid 'nonsense' domains like those in the Sunbelt screenshots.

RE: Internet Searches - Massive # of sites redirecting to malicious sites

Good news = Google has filtered out these malicious sites from its indexes
Bad news = These malicious sites are still out there on the Internet

Google fixes Malicious redirects to malware sites from its search results

The malicious redirecting sites are still present and folks need to be cautious at all times. The improved filtering should help reduce the likelihood of hostile sites being returned on the 1st few pages of a search.

Google expunges malware sites from search results
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049820

QUOTE: Google Inc. has purged its index of the thousands of malware sites that wormed their way into results lists for hundreds of legitimate search phrases, researchers confirmed today.

"They look gone to us," said Alex Eckelberry, the CEO of Sunbelt Software, the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites.

RE: Internet Searches - Massive # of sites redirecting to malicious sites

This article provides a good update related to malicious links being embedded in returned search results. Folks should always avoid unusual links and keep AV/FW protection up-to-date. The current malicious links have domain names ending in "cn" (representing China, although they could be hosted from anywhere and this could change as this sophisticated attack continues).

VIRUS EXPERTS WARN OF 'GOOGLE POISONING'
http://redtape.msnbc.com/2007/12/virus-experts-w.html

QUOTE: You might want to take an extra half-second the next time you click on search engine results to make sure you know where you're going. Computer criminals have refined a sinister technique for tricking Web surfers into clicking on infected Web pages, turning search engines like Google into unwitting partners.
It's known as “Google poisoning,” because Google is the biggest target, but it can impact any search engine. Criminals construct booby-trapped Web pages, then dupe search engines into giving them high rankings.

A Google spokeswoman who declined to be identified said the company is aware of the problem and working to keep its results clean. "Google works hard to preserve the quality of our index,” the company said in a statement. “We actively identify sites that serve malware or abuse our quality guidelines in other ways."

No one knows how successful the tactic is, though Eckelberry points out the criminals wouldn't keep doing it if it didn't work. Still, even an attack of 40,000-50,000 fake Web sites still represents an infinitesimal portion of the sites in Google's index, making the odds of any individual consumer encountering a poisoned Google link still quite small. "I don't want people to get scared of Google," he said. “Google is impressive with how quickly they remove bad sites.”

RE: Internet Searches - Massive # of sites redirecting to malicious sites

This is just another reason to use a good, extensive HOSTS file. It's not perfect but certainly helps block some of those "bad" redirected URLs. The HOSTS file I'm using currently has hundreds of *.cn sites blocked and as new "bad" sites are discovered, they're added to the list.

Hope this helps.

Grif

Grif shares excellent advice on HOSTS file add-in protection

Thanks Grif for sharing that important tip ... Sharing a few links below:

http://www.google.com/search?hl=en&q=hosts+file
http://en.wikipedia.org/wiki/Hosts_file
http://www.mvps.org/winhelp2002/hosts.htm
http://www.mvps.org/winhelp2002/hostsfaq.htm

"127.0.0.1 - There's no place like home"
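
An added illustration of the HOSTS-file blocking discussed in the last two posts (not code from any poster or from the linked HOSTS projects): it parses a blocklist and checks which URLs it would actually stop. The sample file and every domain in it are constructed placeholders. It also shows that HOSTS entries match exact names only, so a subdomain that is not listed is not covered.

```python
from urllib.parse import urlsplit

# Constructed sample HOSTS content; all names are placeholders under .example
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
127.0.0.1   xk3j9q.cn.example        # sinkholed to loopback
0.0.0.0     ads.badsite.example
0.0.0.0     a1.cn.example b2.cn.example   # several names on one line
192.0.2.10  intranet.example         # a real mapping, not a block
"""

# Addresses commonly used to sinkhole a name in a HOSTS blocklist
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_blocked_hosts(text):
    """Return the set of hostnames a HOSTS file maps to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue                          # blank, malformed or real mapping
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def is_blocked(url, blocked):
    """True if the URL's host is listed. Matching is exact: no wildcards."""
    if "://" not in url:
        url = "//" + url                      # let urlsplit see a bare host
    host = urlsplit(url).hostname
    if host is None:
        return False
    return host.lower().rstrip(".") in blocked


if __name__ == "__main__":
    blocked = parse_blocked_hosts(SAMPLE_HOSTS)
    for url in ("http://XK3J9Q.cn.example/firmware.html",
                "http://www.xk3j9q.cn.example/",      # subdomain not listed
                "http://intranet.example/"):
        print(url, "->", "blocked" if is_blocked(url, blocked) else "NOT blocked")
```
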