Tag Archives: exploiting

Search Engine Results – More Malware Surprises Than Ever!

Even though many of us are seasoned web surfers who tend to be cautious, we're not likely to question a search engine's output, and we should.

Barracuda Labs 2010 Annual Security Report, released just days ago, should be an eye opener for those who blindly assume all search engine results are malware free. In fact, search engine malware has doubled since we last reported on this security issue in 2009.

Barracuda Labs' most recent study reviewed more than 157,000 trending topics and roughly 37 million search results on Bing, Google, Twitter and Yahoo. Overall research results indicated that cyber criminals have bumped up the level of search engine malware, as well as expanded their target market beyond Google.

Key highlights from the search result analysis include:

In June 2010, Google was crowned as “King” of malware, turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed.

As malware spread across the other search engines, the ratios were distributed more evenly by December 2010, with Google producing 38 percent of overall malware; Yahoo! at 30 percent; Bing at 24 percent and Twitter at eight percent.

The amount of malware found daily across the search engines increased 55 percent from 145.7 in June 2010 to 226.3 in December 2010.

One in five search topics leads to malware, while one in 1,000 search results leads to malware.

The top 10 terms used by malware distributors include the name of a Jersey Shore actress, the president, the NFL and credit score.

There’s little doubt that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

When a potential victim visits one of these sites, there is a high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

One more common method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.
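For site owners checking their own pages for the injected iFrame described above, the following is an added example (not from the original article or from Barracuda Labs) that flags frames which are both off-site and invisible to the visitor. The sample page, the host names and the `audit_iframes` helper are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Inline styles commonly used to keep a frame out of the visitor's sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)

# Constructed sample: the "great vacation spots" page with one injected frame.
SAMPLE = """<html><body><h1>Great vacation spots</h1>
<iframe src="/map.html" width="600" height="400"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://cdn-stats.invalid/in.php" width="0" height="0"
        style="visibility:hidden"></iframe>
</body></html>"""

def _tiny(value):
    """True for a width/height of 0 or 1, e.g. '0', '1', '1px'."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))
        host = urlparse(src).hostname
        off_site = bool(host) and host != urlparse(self.page_url).hostname
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("zero or one pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by inline style")
        # Visible embeds and same-site frames are normal; report only frames
        # that are both off-site and invisible to the visitor.
        if off_site and reasons:
            self.findings.append((src, reasons, self.getpos()[0]))

def audit_iframes(html, page_url):
    """Return (src, reasons, line) for each hidden third-party iframe."""
    auditor = IframeAuditor(page_url)
    auditor.feed(html)
    return auditor.findings
```

Run it against the HTML your server actually sends rather than the files on disk, since an injected frame may be added by a compromised template or database record.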

Unfortunately, since cyber-crooks are relentless in their pursuit of your money, and in the worst case scenario your identity, you can be sure that additional threats are being developed or are currently being deployed.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Fact: Consumer confidence in the reliability of search engine results, including relevant ads, is seriously misplaced.

You can download the full Barracuda Labs 2010 Annual Security Report (PDF), at Barracuda Labs.

Update: March 5, 2011. The following comment illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.


Cyber Shopping on Black Friday? Six Tips From PandaLabs To Keep You Safe

Cyber shopping on Black Friday can be very appealing – no lining up at midnight, no line ups at all, no risk of being trampled by unruly crowds, shop in your PJs if you like, “shopping around” and comparing prices is a snap, and the list of benefits goes on.

So, if you cyber shop, you may not face the risk of being trampled to death by an unruly crowd, or being shot to death by an angry shopper – both tragedies actually did happen on Black Friday, November 28, 2008. But, you will face substantial cyber security risks.

Staying safe while you cyber shop requires that you be much more wary, and that you understand that cyber crooks salivate at the opportunities Black Friday cyber shopping creates for exploiting the unwary and careless consumer.

Cyber shopping safely requires that you follow well established best practices that have proven to substantially reduce the risk of being victimized.

PandaLabs suggests holiday shoppers adhere to the following best practices this Friday and Monday, and throughout the holiday shopping season:

Avoid using search engines for locating special holiday deals. Criminals commonly turn to Blackhat SEO, which involves maliciously using search engine optimization around hot keywords to poison search engine results. Instead of using a search engine, go directly to reputable sites that you are familiar with. Screenshots of a recent malicious Black Friday search result are available here.

Don’t click on embedded links in advertisement e-mails. E-mails that appear to be advertisements from legitimate vendors could be a well-disguised scam or malware attack. Chances are you’ll be able to find the same deal by going directly to the website in your favorite web browser.

Install all available operating system updates and patches. Cyber criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advises people to update Adobe Flash, Adobe Reader, and Java software, which are all commonly targeted by cyber criminals.

Don’t underestimate criminals. Cyber criminals have no limits, and will create fake advertisements, shopping carts, poison various search terms and more in order to infect your computer and steal your personal data. If you’re unsure if a site is legitimate, run a search online to see if you can determine whether it’s widely known. If you can’t find details on a retailer, PandaLabs advises holiday shoppers to take their business elsewhere.

Only purchase from sites that offer secure browsing (SSL/https). You can tell if a site uses SSL/https if there is a padlock icon on the bottom corner or in the address bar of your browser. Some browsers like Internet Explorer and Chrome turn the address bar green to indicate that the site is secure. Even if a site uses SSL/https, remember that SSL only works to create a secure Internet tunnel between you and the e-commerce server. You can still transmit sensitive data over to cyber criminals, so it’s best to run frequent anti-malware scans.

Always use updated anti-malware protection. Despite growing awareness of today’s Web-borne threats, many people still don’t use even a basic anti-virus solution and leave themselves vulnerable to infections, data loss and identity theft. You can download Panda Security’s award-winning Panda Cloud Antivirus software, which is completely free, here.

About PandaLabs:

Since 1990, PandaLabs, the malware research division of Panda Security, has led the industry in detecting, classifying and protecting consumers and businesses against new cyber threats.

At the core of the operation is Collective Intelligence, a proprietary system that provides real-time protection by harnessing Panda’s community of users to automatically detect, analyze, classify and disinfect more than 63,000 new malware samples daily.

The automated classification is complemented by a highly specialized global team of threat analysts, each focused on a specific type of malware, such as viruses, Trojans, worms, spyware and other exploits, to ensure around-the-clock protection.


Tibet Websites – A Hacker’s Paradise!

Security experts are warning that hackers are exploiting websites about Tibet, inserting malicious code to infect the PCs of unwary surfers. ScanSafe has warned that sites such as FreeTibet.org and SaveTibet.org have been exposed as the world watches the protests currently surrounding the Olympic torch’s journey across the world to Beijing.

Visitors to the homepages of these sites are redirected to a site that hosts a Trojan downloader which then attempts to infect the PC.

“Given the world’s attention on relations between China and Tibet ahead of the Olympics, it makes sense that these sites would be targeted as web surfers go online to learn more about Tibet and Tibetan independence,” said Spencer Parker, director of product management at ScanSafe.

He said that the attack appeared to have been the work of top-level hackers rather than amateur malware authors.

“These websites appear to have been specifically targeted as this is not a generic Trojan downloader. Someone or some group has gone to great trouble to rewrite the exploit and personalize it to the FreeTibet.org and SaveTibet.org websites,” Parker said.

Source: Web User (UK)
