
The dark side of search engines

04 Aug 2010

You use search engines. Everyone does. So legitimate websites use a technique known as SEO (search engine optimisation) to ensure that their sites are near the top when you search on a particular topic. But anything that works for honest people has to work even better for scam artists. Hence the growing threat from Black Hat SEO.

A particularly juicy target is gamers, especially on social networks, as ESET blogger David Harley reports. “Black-Hat SEO is used by malware authors to position the malicious links in the top results when a potential victim uses certain topical search terms. We’ve mostly seen this technique used to infect users of online games, and more recently, targeting to a much greater extent the many millions of users of social networks that play games.

“Malicious URLs turn up at or near the top of searches to do with gaming tricks, guides, weapons and a number of improvements, depending on the application. In addition, the text of the link promises the user instant gratification and an increase in gaming advantage, cultivating the attention of gamers who want to take shortcuts to achieve immediately what might take others days.

“Another technique that is in fashion is the development of what are passed off as hacks for social networking games. However, to achieve the promised advantages, the victim must execute a suspicious application or copy JavaScript code or a URL into a browser, resulting in the download of malicious software applications targeting millions of users of games such as FarmVille or Mafia Wars.” Ouch!

“ESET advises that users of these types of online applications use caution. Trying to get some gaming advantage through untrustworthy channels and resources may result in infection, and we advise you not to trust dodgy pages or applications if you come across them.”

But these cyber-creeps don’t just target gamers. Any time a major event occurs – earthquake, plane crash, even the World Cup – malware writers don’t waste any time and cloak their nasty code inside benign-looking news sites. Bloggers at the Securityblog explain, “Over 13% of all searches on Google looking for popular and trending topics will lead to malicious links and searching for the latest news on the earthquake in Chile and the tsunami hitting Hawaii are no exception. Both are now used to lure people into downloading fake antivirus products.”


What? Malware purveyors shilling fake antivirus? One of the most ironic scams going has to be so-called ‘scareware’ or fake anti-virus software. You almost have to give these crooks points for sheer audacity. Blogger Anup Ghosh reports that, “Google researchers recently shed light on the extent of the Fake AV problem with a paper ‘The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution.’ The Google team analysed 240 million web pages over a 13-month period (January 1, 2009 to January 31, 2010) and found 11,000 unique domains involved in Fake AV distribution.

“To give an indication of the rise in this threat, the number of domains harbouring Fake AV rose from 3% to 15% of all web-borne malware domains Google detected over the course of its study. Purveyors of Fake AV utilise BlackHat SEO techniques effectively to ensure users are directed to domains under their control when searching on popular topics. Google found that over 60% of the popular infection domains were Fake AV domains.”

These guys move quick. “Another startling finding from the Google paper is the median lifetime for a Fake AV domain dropped dramatically from over 100 hours in early 2009 to under one hour in January 2010. This means that a malware site hosting a Fake AV may only last for less than an hour before it is taken down by its creator.” You’ve got to give them credit!

Just remember it’s a jungle out there so be careful.

Hacked together by Chillisoft NZ from various sources, blogs and ramblings including David Harley (CITP FBCS CISSP), Senior Research Fellow, ESET LLC (developers of ESET NOD32 antivirus software).