| Top
Security News |
Google Talk Phishing Attack Sounds Alarms
The old X Files adage aptly applies to the Internet these days: Trust no one. Some Gmail users, already miffed about previous service outages, were invited through Google Talk to watch a video by clicking a link.
Search Spam Back On The Rise
It's not a new tactic, but it is a revisited one. Spammers are using search engine links-redirect links created by searching for a domain or keyword and copied before resolving-to disguised the addresses of their malicious...
Facebook Hit With Malicious App
As far as malware tricks go, this one is pretty diabolical. Over the weekend, Facebook users started receiving messages saying friends had tried to view their profile but were unable to do so. The message prompts the user to install a third party app, oddly titled "Error Check...
Google Offers Best Practices Against Hacking
Security news focuses a lot on spambots and malicious material found out in the wild. But the webmaster's backyard can be an unexpectedly dangerous place with little hacker landmines buried here and there...
|
|
It used to be one was at most risk of getting a computer virus via spam or frequenting bad Internet neighborhoods (places one probably shouldn't be hanging out in the first place, picking up just any old download they come across). These days malware pushers have come out in the open where the masses collect, and places like Google, Facebook, and Twitter are starting to resemble the Time Square of old-with peril and vice all around.
Today's aggressive and spooky abuse of trusted giants reveals just how sophisticated and manipulative these guys have become. By following Google Trends, and with some sharp SEO skills to take advantage of Google's famed real-time indexing, Scammers are directly targeting Google's search results, trusted by as many as 70 percent of Internet searchers.
McAfee researcher Craig Schmugar points to the recent Gmail outage as an example. When that happened, many were searching for the cause or solution to the problem, and Schumagar shows how a malicious link copying verbatim the top news source text as a snippet, shows up fourth in the search rankings, following highly recognizable and trusted sources like Google News, Digg.com, and Mashable.
A subsequent link query found the domain linked to several other trending topics: Quiznos (a free sub giveaway promotion), Sharon Stone at the Oscars, Extreme Makeover foreclosure, Nicky Hilton, IHOP all you can eat pancakes promotion. All of them obviously target what the average searcher may be seeking.
That same malicious link-which led to a scareware prompt only if arriving via a search engine (gibberish if you just enter it into a browser, thereby masking the intent some)-was also found directly on the Google Trends page for Ash Wednesday, which was yesterday.
"I do not recall any previous attacks abusing Google Trends this aggressively," said Schmugar. "The malicious links are being distributed across numerous sites, targeting many high-profile search terms, and the poisoned links are regularly appearing high up on Google results pages."
Because of this, Schmugar doubts there is a link between the "Error Check System" message many Facebook users received. Facebook has been criticized for allowing this because the company doesn't verify or approve third party applications. Allowing the app allowed friends to be spammed with the same message, and searching the phrase led them to similar scareware index-related peril.
However, this new aggressive targeting of popular search trends, and Facebook's odd spam messaging, occur simultaneously with other social/Google-related incidents. This week, Google Talk users were bamboozled by an invitation to click a shortened (read: masked) URL to a dangerous supposed video site.
Continue reading this article.
About the Author:
Jason is a graduate of the University of Kentucky. He covers business, technology, and security issues.
|
|
SecurityProNews is brought to you by:
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
