Search Engine Malware – The Same Old, Same Old

In the News within the past 3 days –

Web security firm Armorize – over 6 million e-commerce web pages have been compromised in order to serve malware to users.

Ed Bott Report – criminal gangs that specialize in malware love search engines, because they represent an ideal vector for getting Windows users to click on links that lead to potentially dangerous Trojans. The latest attack targets ads, and the social engineering is frighteningly good.

Not in the News –

The specifics may be news but, this particular malware attack vector is so old I’m surprised that more Internet users aren’t aware of it. No, I take that back – based on a conversation I had just last night.

Me: “So, what antimalware applications are you currently running?”

She: “Well, I can cut and paste and I can get on the Internet, but I don’t worry about all that other stuff. I don’t understand it anyway.”

I’m well past the point where I allow myself to show surprise when I hear this type of response – it’s just so typical. Given that level of knowledge, it’s hardly surprising then, that consumer confidence in the reliability of search engine results, including relevant ads, is taken for granted.

I’ve yet to meet a typical user who would consider questioning a search engine’s output as to its relevant safety.  It’s been my experience, that typical Internet users blindly assume all search engine results are malware free.

This, despite the reality that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

Here’s how the cyber crooks do it:

When a potential victim visits one of these infected sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The following comment (posted here March 15, 2011), illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Kate Middleton Scam – Working Like A Charm!

If you’re a regular reader here, I don’t have to belabor the point and remind you, that significant numbers of Internet users are often unaware of the very real dangers that search engine results hold for their safety, security and identity.    You’re well aware that many are blissfully unaware of the hidden dangers on the Internet, and seem to have a natural tendency to “just click”.

Here’s a perfect example.

Several days ago, I posted an article – Kate Middleton Nude – As If! – knowing full well, that the article would draw scores of careless users to it – all looking for a titillating experience. A perfect opportunity to teach an Internet safety lesson. I wasn’t disappointed, as the following screen shot of search engine stats from this site, illustrates.

Hundreds of additional search terms (too many to show), included – catherine middleton nude, kate middleton revealing pictures, william and kate nude, kate middleton naked, kate middleton naughty photos, a picture of kate meddliston naked, kate middleton sextape ……..”kate middleton” nude or breast or bikini – I think you get the picture.

By the end of the day, yesterday – 2,000+ potential victims visited this post…

and an additional 900+ so far, today.

All of this reminds me of an article I wrote in July 2009 – Hey Sucker – Read This! Michael Jackson’s Not Dead! – which drew 1,000s of visitors. Most of whom were unaware that the events surrounding Jackson’s death were being leveraged by cyber crooks to drop malware on unsuspecting surfers machines.

A similar scenario is being played out here. Cyber crooks are using, as they always have, a provocative and tempting attention grabber as a hook to reel in the unwary and undereducated Internet surfer.

Since this site has a high Google Page Rank rating, the search string “kate middleton nude”, is in second place in Google search results out of 3 Million plus. I’d like to think, that those lucky few, who clicked on – Kate Middleton Nude – As If! – have a developed a heightened sense of awareness of cyber criminal manipulation of current events.

I’d like to think that – but, I doubt it. I’m convinced that the potential victims who clicked on this article, went on clicking elsewhere in their hunt for the non-existent. Without a doubt, some are now dealing with malware infections.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Search Engine Results – More Malware Surprises Than Ever!

Regardless of the fact that many of us are seasoned web surfers, and we tend to be cautious, we’re not likely to question a search engine’s output – and, we should.

Barracuda Labs 2010 Annual Security Report, released just days ago, should be an eye opener for those who blindly assume all search engine results are malware free. In fact, search engine malware has doubled since we last reported on this security issue in 2009.

Barracuda Labs most recent study, reviewed more than 157,000 trending topics and roughly 37 million search results on Bing, Google, Twitter and Yahoo. Overall research results indicated that cyber criminals have bumped up the level of search engine malware, as well as expanded their target market beyond Google.

Key highlights from the search result analysis include:

In June 2010, Google was crowned as “King” of malware, turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed.

As malware spread across the other search engines, the ratios were distributed more evenly by December 2010, with Google producing 38 percent of overall malware; Yahoo! at 30 percent; Bing at 24 percent and Twitter at eight percent.

The amount of malware found daily across the search engines increased 55 percent from 145.7 in June 2010 to 226.3 in December 2010.

One in five search topics lead to malware, while one in 1,000 search results lead to malware.

The top 10 terms used by malware distributors include the name of a Jersey Shore actress, the president, the NFL and credit score.

There’s little doubt that the manipulation of search engine results, exploiting legitimate pages, and the seeding of malicious websites among the top results returned by search engines in order to infect users with malware, is a continuing threat to system security.

When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines.

Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

One more common method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

Unfortunately, since Cyber-crooks are relentless in their pursuit of your money, and in the worst case scenario your identity, you can be sure that additional threats are being developed or are currently being deployed.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams

Don’t open unknown email attachments

Don’t run programs of unknown origin

Disable hidden filename extensions

Keep all applications (including your operating system) patched

Turn off your computer or disconnect from the network when not in use

Disable Java, JavaScript, and ActiveX if possible

Disable scripting features in email programs

Make regular backups of critical data

Make a boot disk in case your computer is damaged or compromised

Turn off file and printer sharing on the computer

Install a personal firewall on the computer

Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet

Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

Fact: Consumer confidence in the reliability of search engine results, including relevant ads, is seriously misplaced.

You can download the full Barracuda Labs 2010 Annual Security Report (PDF), at Barracuda Labs.

Update: March 5, 2011. The following comment illustrates perfectly the issues discussed in this article.

Funny you write about this today. I was reading about the spider issue Mazda was having and wanted to know what the spider looked like so I Googled it, went to images and there it was. There was also a US map that had areas highlighted, assuming where the spiders exist, and before I clicked on the map I made sure there was the green “O” for WOT for security reasons.

I clicked on the map and BAM I was redirected instantly and hit w/ the “You have a virus” scan malware. I turned off my modem then shut my computer off. I restarted it and scanned my computer w/ MS Security Essentials and Super Anti Spyware. MS Essentials found Exploit:Java/CVE-2010-0094.AF, and Trojan:Java/Mesdeh and removed them. I use WOT all the time, but now I’m going to be super cautious.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

Create Web-Savvy Images with PhotoPlus 6 – Free

SerifSoftware puts an interesting and unusual twist to the usual “try this application for free for 30 days” we are all pretty familiar with. Serif releases older versions of their current software for download at no cost, to entice at least some users to upgrade to current versions of their popular software.

Despite the slightly dated appearance of SerifSoftware’s PhotoPlus 6, this is not an ‘old’ program that’s been revived just for give-away. PhotoPlus is still an amazing photo editing application that enables you to fix and enhance digital photos, create bitmap graphics and in a neat twist, create web animations.

With PhotoPlus, you can easily adjust brightness and contrast, color balance, remove red-eye and make numerous other image editing adjustments and enhancements.

And here’s the “Plus” – You’ll find a large number of tools for creating web-savvy images. As well, a collection of web animation tools will help you import and export GIF files.

You can even let PhotoPlus do all the hard work and create animations for you. Image slicing tools are another web feature that is surprising in a free package. With these tools you can sub-divide an image into invisible segments, each of which can then be given a hyperlink and popup window.

Alternatively, you can add hotspots to your web page. Because of its simple layout, this is an easy program to work with, especially for those with little or no previous experience.

Quick Facts:

Creative Tools – Enhance your images with easy-to-use creative tools, such as paintbrush, airbrush, clone, smudge and erase – adjustable brush settings include size, shape, softness and fade.

Layer Effects – Apply bevels and drop shadows to create sophisticated-looking text and images. Use the layer manager to add to and enhance images without affecting the originals.

Digital Darkroom – Adjust brightness, contrast, sharpness, color hue, saturation, remove red-eye and more. Enhance, repair and tweak your photos for great results.

Deform Tool – The versatile Deform tool lets you rotate, resize, skew, reshape and add perspective to any selection or layer.

Text – Add editable, deformable text to your images and further enhance your text with drop shadows and bevel effects.

Animation – Create your own animated GIFs.

Web Images – Divide images into individual sections that can be clicked on to link to other web pages and websites, just like text hyperlinks. PhotoPlus 6 creates all the HTML code ensuring your images appear properly.

Export Optimizer – Simultaneously view up to four previews that display the relationship between image file size and quality, making it easy to decide how to save and export images for every purpose.

QuickShapes – Add ready-made, customizable QuickShapes to your images. Choose from a range including speech bubbles, starbursts and spirals.

System requirements: Windows 95/98/Me/NT/2000/XP

Download at: SerifSoftware

Free Photo Editing "Plus" – SerifSoftware’s PhotoPlus 6

SerifSoftware puts an interesting and unusual twist to the usual “try this application for free for 30 days” we are all pretty familiar with.

Serif releases older versions of their current software for download at no cost, to hopefully entice at least some users to upgrade to current versions of their popular software.

Despite the slightly dated appearance of SerifSoftware’s PhotoPlus 6, this is not an ‘old’ program that’s been revived just for give-away. PhotoPlus is still an amazing photo editing application that enables you to fix and enhance digital photos, create bitmap graphics and even web animations.

With PhotoPlus, you can easily adjust brightness and contrast, color balance, remove red-eye and make numerous other image editing adjustments and enhancements.

And here’s the “Plus” – You’ll find a large number of tools for creating web-savvy images. As well, a collection of web animation tools will help you import and export GIF files. You can even let PhotoPlus do all the hard work and create animations for you.

Image slicing tools are another web feature that are surprising in a free package. With these tools you can sub-divide an image into invisible segments, each of which can then be given a hyperlink and popup window. Alternatively, you can add hotspots to your web page.

Because of its simple layout, this is an easy program to pick up and work with, especially for those with little or no previous experience.

Quick Facts:

Creative Tools – Enhance your images with easy-to-use creative tools, such as paintbrush, airbrush, clone, smudge and erase – adjustable brush settings include size, shape, softness and fade.

Layer Effects – Apply bevels and drop shadows to create sophisticated-looking text and images. Use the layer manager to add to and enhance images without affecting the originals.

Digital Darkroom – Adjust brightness, contrast, sharpness, color hue, saturation, remove red-eye and more. Enhance, repair and tweak your photos for great results.

Deform Tool – The versatile Deform tool lets you rotate, resize, skew, reshape and add perspective to any selection or layer.

Text – Add editable, deformable text to your images and further enhance your text with drop shadows and bevel effects.

Animation – Create your own animated GIFs.

Web Images – Divide images into individual sections that can be clicked on to link to other web pages and websites, just like text hyperlinks. PhotoPlus 6 creates all the HTML code ensuring your images appear properly.

Export Optimizer – Simultaneously view up to four previews that display the relationship between image file size and quality, making it easy to decide how to save and export images for every purpose.

QuickShapes – Add ready-made, customizable QuickShapes to your images. Choose from a range including speech bubbles, starbursts and spirals.

Download at: SerifSoftware