Search Engine Results – Not to be Trusted!

It’s been more than a year since I last reported on fake search engine results, and in that time, this Internet scam has not gone away, but it did seem to develop a lower profile.

Despite developing this lower profile, cyber-crooks continued to be unrelenting in their chase to infect web search results. Recently, there has been a resurgence in the use of custom-built Websites designed to drop malicious code on computers, and in the manipulation of legitimate pages in order to infect computers with malware.

A new grouping of 200,000+ compromised sites has been discovered, all of them redirecting to fake security software. The following graphic (courtesy of Cyveillance Blog) shows an attack underway.


As is usual with this type of redirection, when a potential victim visits one of these sites, there is an extremely high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.

The following graphic (courtesy of Cyveillance Blog) illustrates the 260,000 sites they discovered that will redirect.


Redirection exploit process:

Generally, there are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element that makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

It’s often difficult to determine who the cybercriminals responsible for specific attacks of this type are, but not in this case. Researchers have concluded the infamous Koobface gang are responsible.

Regular readers are aware that we repeat the following advice regularly, but it’s worth repeating.

Keep all applications (including your operating system) patched.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/FireFox add-on that offers substantial protection against questionable or unsafe websites.

Turn off your computer or disconnect from the network when not in use.

Disable Java, JavaScript, and ActiveX if possible.

Disable scripting features in email programs.

Make regular backups of critical data.

Make a boot disk in case your computer is damaged or compromised.

Turn off file and printer sharing on the computer.

Install a personal firewall on the computer.

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

Ensure the anti-virus software scans all e-mail attachments.




7 responses to “Search Engine Results – Not to be Trusted!”

  1. Pingback: TECHNOLOGY - Mobile malware epidemic way - CGI BIZ: Technology Updates

  2. rhh

    As a recent victim of an infected link on Google, and having previously installed the new Panda Cloud anti-malware service, I wonder why Panda could not stop the auto loader malware as the malware certainly was in circulation longer than the 6 minutes Panda touts as their ability to mark a malware and neutralize it. I would add that not even the WOT had marked the infected link as unsafe.

    Also, I hope Firefox can give us a way to selectively stop the browser from restoring a session and restarting an infected web site after having shut down a computer.

    I also wonder, probably in my ignorance, why Google cannot get the links in their system screened to prevent or at least minimize malware from being passed forward to the users. If Cyveillance Blog can screen and find 250,000+ problem sites, cannot Google do the same and counter attack somehow? It honestly seems like major players like Google and others also have a stake and responsibility to work at getting the malware out of their links before we run into them, no matter how hard we work at avoiding problems.

    • Bill Mullins

      Hi RHH,

      Your comment and questions are so important that I have just written an article in which I have incorporated it, and another reader’s comment.

      BTW, take a look at the Firefox addon Configuration Mania, which will give you the control you want to stop “session restore”.

      Thank you for your comment.



  3. Pingback: Tweets that mention Search Engine Results – Not to be Trusted! « Bill Mullins’ Weblog – Tech Thoughts --

  4. Pingback: Internet Dangers – Real Life Stories « Bill Mullins’ Weblog – Tech Thoughts

  5. RHH

    Thanks a million, Dr. Bill, for the tip on Configuration Mania, it is now installed here. And thanks for profiling the issues, hopefully some major players, like Google, will listen if the drum beat gets loud enough.

    Did you notice in this week’s (Nov. 23rd) Time Magazine, “Technology Roundtable” (pg 95), quotes four “Tech-xperts” about the future of technology. All of the gentlemen quoted mentioned something about internet uses they think are hot and upcoming. But none of them made mention of the quagmire the internet is becoming because of malware. Only one of the four mentioned privacy as a concern. If the “experts” don’t recognize the problem, how bad does it have to get before an internet crisis happens? Guess we’ll see eventually.

    I notice that almost all the new computers touted this Thanksgiving week by retailers come with AV trial program kits. I certainly hope that buyers can stay on top of their AV programs successfully. It seems, however, like all I hear/read about is the increases in multiple forms of malware that most average users are clueless about. Once “destroy-ware” invades enough new Win7 units we will no doubt hear about the complaints and endless customer service calls.

    And, I wonder why the Win7 OS provided units don’t all come with MS Security Essentials (MSSE) preinstalled or at least recommended? I think it’s laudable that MS has developed MSSE, and I hope it lives up to its promises. I fear it has a high wall to climb just to keep up. But at least MS made a decision to defend their customers with something, which is more than folks at Google and elsewhere have apparently even thought about. Conversely, I wonder if the Google chrome OS is their future answer to keeping a user secure and able to use their services? Or will hackers find a way to attack their cloud, and if so, what’s next?

    Oh well, Happy Thanksgiving, and an apple cider toast to the great work you do for all of us out here. Regards, RHH.

    • Bill Mullins

      Hi RHH,

      Sorry, I’m a day behind here.

      I did see the Time mag article you refer to, and I had the same response you did. These so-called experts are what I call “surface lookers” – at the end of the day, they have no idea what they are talking about. They need to take a trip into the real world. Currently, I’m working on an article describing (in my view), why the mainstream media ignore the current realities of the Internet.

      On the trial versions of AV’s on new machines – it’s another coincidence that I’m working on an article describing why trial AV’s are a BAD idea. The number of users who let these things expire and still think they are protected, is staggering.

      As always, thank you for your input.