Tag Archives: fake search results

Computer Infection? – Search Engine Links Might Be The Culprit

Search engines, including Google, do a relatively good job of scanning their index for potentially dangerous sites. Nevertheless, scanning does not detect all potentially dangerous sites – not even close.

Dasient, a Web anti-malware developer, used a proprietary malware analysis platform, which gathers data on web-based malware attacks from across the web, to conclude that more than 560,000 Web sites, and 5.5 million pages, were infected with malware in the fourth quarter of 2009.

Keep in mind that these infected sites and pages have, in most cases, been indexed by search engines.

We should all be aware by now, that cybercriminals are masters at seizing opportunity, and in the current environment, Internet search engine results provide just that.

Consider this: if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout, there is little doubt that the answer would be positive.

This is an image of Google search results that link to malware infected sites, courtesy of Sunbelt Software.

Paradoxically, it’s because current anti-malware solutions are more effective than they have ever been in detecting worms and viruses, that we’re now faced with yet another form of insidious attack – the drive-by download, resident on many of these compromised sites.

Drive-by downloads, which don’t require user action to create an infection, are not new; they’ve been lurking around for years it seems, but they’ve become much more common, as these statistics indicate.

Given that search engine results can be manipulated in this way (see “Search Engine Results – Malware Heaven!” on this site), it’s reasonable to ask the question – why aren’t more typical Internet users aware of this situation?

The obvious answer is – search engines make little or no effort to educate their users in the risks involved in relying on search results, or advertisements, appearing in their applications.

As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potential harmful exposure to malware.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

Fact: The ongoing failure to protect the Internet, which by definition is an open network, will continue to expose users to substantial penalties, ranging from productivity decreases and infrastructure compromise to a failure in consumer confidence, and more.

I’ve said it before, and I’ll say it again – an argument can be made, that the Internet has turned into a playground for cyber-criminals.

So will search engine providers address the issues described in this article? Sure, but only when outraged consumers finally force them to. Great business model!!

To reduce the chances that you will be victimized by malicious search engine results, you should consider installing WOT, which, in my view, is the best Internet browser protection available. WOT, a free browser add-on, is designed to warn you of unsafe, or malicious links.


Computer Infection? – Blame Your Search Engine!

If you want to be a successful scam artist/cyber crook, you need to: look the part, act the part, offer a product that appears genuine, and perhaps most importantly – advertise in readily available and trusted media.

So, if you want to succeed in the $105 BILLION “Internet shadow economy”, as my good friend TechPaul calls it, advertising on an Internet search engine could be a major step in helping you reach your goals.

Why an Internet search engine? Well, if one were to poll a group of typical Internet users as to the safety and reliability of search engine results, including the pervasive ads that search engines sprout, there is little doubt that the answer would be positive. In a sense, search engines impart instant legitimacy.

Part of the process of offering a product that appears to be genuine would include producing and promoting a Web site that instills confidence in those unlucky enough to click on your ad, such as the site pictured below for ErrorRepairTOOL, a notoriously misleading application.

Error Report Tool Page

But hold on! Given that search engine results can be manipulated (see “Search Engine Results – Malware Heaven!” on this site), it is reasonable to ask the question – why aren’t typical Internet users aware of this situation?

The obvious answer is – search engines make little or no effort to educate their users in the risks involved in relying on advertisements appearing in their applications. As a consequence, the typical user I come into contact with believes search engine output to be untainted, and free of potential harmful exposure to malware.

Fact: Consumer confidence in the strength and reliability of search engine results, particularly ads, is seriously misplaced.

For example, ErrorRepairTOOL (the site pictured earlier), a “scareware” application developed to mislead uninformed computer users into downloading and paying for the “full” version of this bogus software, based on the false positives generated by the application, has been “advertised” for months on a number of leading search engines.

I shudder when I think of the huge numbers of surfers who have suffered the consequences of accepting a download of this misleading application.

If you are one of the unlucky computer users who is struggling with the chaos caused by this “scareware”, visit 411-spyware.com, a great site that specializes in helping those who have been manipulated into installing Rogue software.

Fact: Failure to protect the Internet, which by definition is an open network, has substantial penalties, ranging from productivity decreases and infrastructure compromise to a failure in consumer confidence, and more.

I’ve said it before and I’ll say it again – an argument can be made, that the Internet has turned into a playground for cyber-criminals.

So will search engine providers address the issues described in this article? Sure, but only when malicious hackers finally force them to. Great business model!!


PandaLabs Reports on Search Engine Manipulation Attack against Ford

Recently, in this space, I discussed the issue of the manipulation of search engine results, and the seeding of websites among the top results returned by these engines.

Indeed, cyber crooks are continuing to increase the use of custom-built websites designed to drop malicious code on computers, coupled with the manipulation of legitimate pages in order to infect users with malware.

PandaLabs Blog has just posted an informative article on this issue, “Targeted Blackhat SEO Attack against Ford Motor Co.”, in which the author, Sean-Paul Correll, discusses Panda’s discovery of over 1 Million seeded links all targeting the Ford Motor Company.

Included, as part of this article, is a video demonstrating how these types of attacks work. In my view, this is a must read for security conscious users.


Search Engine Results – Malware Heaven!

Since many of us now have access to GPS, finding the way to Grandma’s house (if you’re Little Red Riding Hood) has never been easier.

Not many of us would question the output of a GPS inquiry since it is a technology we are familiar and comfortable with.

An even more familiar technology to the seasoned web surfer is the Internet search engine, and just like most familiar technologies we are comfortable with, we are not likely to question a search engine’s output.

The question is though, should we question the output? How sure are we that the results are untainted and free of potential harmful exposure to malware or worse?

Recent comments on this issue in Panda Security’s Oxygen 3 E-bulletin on IT security indicate that Cyber-crooks continue to be unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites, there is a high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines. Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

One more common method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

Unfortunately, since Cyber-crooks are relentless in their pursuit of your money, and in the worst case scenario your identity, you can be sure that additional threats are being developed or are currently being deployed.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

The following are actions you can take to protect your computer system, your money and your identity:

  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

This anti-virus app is a real fighter, scanning files on demand and on access, including email attachments. Lets you know when it detects malware through its shield function. An important feature is a boot-time scan option which removes malware that can’t be removed any other way.

AVG Anti-Virus Free Edition

Similarly, this program scans files on access, on demand, and on schedule. Scans email, incoming and outgoing. For those on Vista, you’re in luck, it’s Vista-ready. I have been using this application since its release and it now forms part of my front line defenses. I recommend this one highly.

Ad-Aware

In my view, Ad-Aware is the best free adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version: real-time protection is not included.

ThreatFire

ThreatFire blocks malware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking malware based on analysis of behavior. Highly recommend this one!

Comodo Firewall Pro

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs.

You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net.

Data that is written to your hard drive is simply eliminated (or not, your choice) when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with malware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. If you’re serious about privacy, this is a must have addition to your security toolbox. Unfortunately this application does not operate under Vista.

A big thank you to Dave Brooks, a professional techie from New Hampshire, and a frequent guest writer on this site, for reminding me that this very real security problem has not gone away.

Check out Dave’s last article “Let’s Talk About Backups”, which was a huge hit on this site.

Can You Trust Search Engine Results? – Maybe Not

Since many of us now have access to GPS, finding the way to Grandma’s house (if you’re Little Red Riding Hood) has never been easier. Not many of us would question the output of a GPS inquiry since it is a technology we are familiar and comfortable with.

An even more familiar technology to the seasoned web surfer is the Internet search engine, and just like most familiar technologies we are comfortable with, we are not likely to question a search engine’s output.

The question is though, should we question the output? How sure are we that the results are untainted and free of potential harmful exposure to malware or worse?

Recent comments on this issue in Panda Security’s Oxygen 3 E-bulletin on IT security indicate that Cyber-crooks continue to be unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites, there is a high likelihood that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines. Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.
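For site owners who want to check their own pages for the injected iFrames described here and in “Search Engine Results – Malware Heaven!”, the following is an added example, not code from this blog or from any product it mentions. It flags frames that are both invisible to the visitor and loaded from another host; the host names, the sample page and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that make a frame invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|"
    r"(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)


class IframeAuditor(HTMLParser):
    """Records every <iframe> on a page with the reasons it looks injected."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # the parser lower-cases tag and attribute names
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        reasons = []
        # Zero- or one-pixel frames set through width/height attributes.
        if a.get("width", "").strip() in ("0", "1") or \
                a.get("height", "").strip() in ("0", "1"):
            reasons.append("tiny-dimensions")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if "hidden" in a:
            reasons.append("hidden-attribute")
        # Relative URLs have no hostname and therefore stay on-site.
        host = (urlparse(src).hostname or "").lower()
        if host and host != self.page_host \
                and not host.endswith("." + self.page_host):
            reasons.append("off-site-src")
        self.findings.append(
            {"src": src, "line": self.getpos()[0], "reasons": reasons})


def audit_page(html, page_host):
    """Return only frames that are off-site AND hidden.

    Visible third-party embeds (maps, video players) are normal, so an
    off-site source alone is not treated as a finding.
    """
    auditor = IframeAuditor(page_host)
    auditor.feed(html)
    auditor.close()
    return [f for f in auditor.findings
            if "off-site-src" in f["reasons"] and len(f["reasons"]) > 1]


# Constructed sample: a vacation page with two legitimate frames and two
# injected ones. All hosts are placeholders under the reserved .example TLD.
SAMPLE_PAGE = """<html><body>
<h1>Great vacation spots</h1>
<iframe src="/maps/beaches.html" width="600" height="400"></iframe>
<iframe src="https://video.partner.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://dropper.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<IFRAME SRC="//dropper.example/x" STYLE="position:absolute; left:-9999px"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, "travel-site.example"):
        print(finding["line"], finding["src"], ", ".join(finding["reasons"]))
```

A flagged frame is a reason to compare the page against a known-good copy and to review how the server was modified, not proof of infection on its own.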

One more common method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

Unfortunately, since Cyber-crooks are relentless in their pursuit of your money, and in the worst case scenario your identity, you can be sure that additional threats are being developed or are currently being deployed.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system, your money and your identity:

  • Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams
  • Don’t open unknown email attachments
  • Don’t run programs of unknown origin
  • Disable hidden filename extensions
  • Keep all applications (including your operating system) patched
  • Turn off your computer or disconnect from the network when not in use
  • Disable Java, JavaScript, and ActiveX if possible
  • Disable scripting features in email programs
  • Make regular backups of critical data
  • Make a boot disk in case your computer is damaged or compromised
  • Turn off file and printer sharing on the computer
  • Install a personal firewall on the computer
  • Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
  • Ensure the anti-virus software scans all e-mail attachments
  • Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

This anti-virus app is a real fighter, scanning files on demand and on access, including email attachments. Lets you know when it detects malware through its shield function. An important feature is a boot-time scan option which removes malware that can’t be removed any other way.

AVG Anti-Virus Free Edition 8.0.1

Similarly, this program scans files on access, on demand, and on schedule. Scans email, incoming and outgoing. For those on Vista, you’re in luck, it’s Vista-ready. I have been using this application since its release and it now forms part of my front line defenses. I recommend this one highly.

Ad-Aware 2007

In my view, Ad-Aware 2007 Free is the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version: real-time protection is not included.

ThreatFire 3

ThreatFire 3 blocks malware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have a high success rate at blocking malware based on analysis of behavior. Highly recommend this one!

Comodo Firewall Pro

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 6 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net. Data that is written to your hard drive is simply eliminated (or not, your choice) when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with malware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. If you’re serious about privacy, this is a must have addition to your security toolbox. Unfortunately this application does not operate under Vista.
