It’s been more than a year since I last reported on fake search engine results, and in that time, this Internet scam has not gone away, but it did seem to develop a lower profile.
Even with this lower profile, cyber-crooks have remained unrelenting in their efforts to infect web search results. Recently, there has been a resurgence in the use of custom-built websites designed to drop malicious code on computers, and in the manipulation of legitimate pages to infect computers with malware.
A new grouping of 200,000+ compromised sites has been discovered, all of them redirecting to fake security software. The following graphic (courtesy of Cyveillance Blog) shows an attack underway.
As is usual with this type of redirection, when a potential victim visits one of these sites, it is extremely likely that malicious code will be downloaded onto the computer by exploiting existing vulnerabilities.
The following graphic (courtesy of Cyveillance Blog) illustrates 260,000 sites they discovered that will redirect.
Redirection exploit process:
Generally, there are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame (an HTML element that makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.
Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.
Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites, all designed to load destructive malware, which could include rootkits, password stealers, Trojan horses, and spam bots.
It’s often difficult to determine who the cybercriminals responsible for specific attacks of this type are, but not in this case. Researchers have concluded the infamous Koobface gang are responsible.
Regular readers are aware that we repeat the following advice regularly, but it’s worth repeating.
Keep all applications (including your operating system) patched.
Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is WOT (Web of Trust), an Internet Explorer/Firefox add-on that offers substantial protection of this kind.
Turn off your computer or disconnect from the network when not in use.
Disable scripting features in email programs.
Make regular backups of critical data.
Make a boot disk in case your computer is damaged or compromised.
Turn off file and printer sharing on the computer.
Install a personal firewall on the computer.
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.
Ensure the anti-virus software scans all e-mail attachments.