RSS Alerts

Related Links

Related Stories

  • Fake search engines used to divert users to malware infected websites
    Hackers are starting to create fake search engine sites to divert hapless internet users to malware infected websites, says PandaLabs, the research operation of Panda Security.
  • Phishing sites hacked into via Google
    Phishing sites are mainly legitimate web sites that are being hacked via 'evil' web searches, reveals a report by a trans-Atlantic team of researchers.
  • Google falls victim to human error
    On Saturday, Google users were warned that all their search results were potentially harmful, due to a widespread result of human error.
  • 'Drop zones' hold treasure trove of stolen goods
    Millions of dollars-worth of stolen financial information harvested from nearly 200,000 computers is likely to be just the tip of the iceberg, according to a report from researchers at the University of Mannheim, Germany. The information was detected by the security team as part of an automated data analysis project designed to determine the size of the underground economy.
  • Weekly brief - October 5 2009
    Deviousness, Defenses, and Disappointments - read all about the week's security news in our weekly brief.

News

Rogue blogs pollute Google results

20 November 2009

Another round of SEO attacks has been discovered targeting Google. Criminals are crafting custom rogue blogs designed to target the 'long tail' of obscure Google searches to avoid having to compete with more popular searches in Google results, according to cyber intelligence company Cyveillance.

Many of the blogs have been compromised by having the online photo gallery software Coppermine hacked, according to Cyveillance.

Rogue blog publishing software is installed, which makes posts containing no text content. Instead, it posts images found in Google's Images search, which have been found using specific search terms targeted by the criminals. The images are enhanced with ALT and TITLE HTML tags containing the same search terms, in a bid to push the pages further up the Google search rankings.

The rogue blogs are designed to turn up in the Google search results for highly targeted four- or five-word searches, to stop them having to compete with more popular, simple searches.

The blogs redirect visitors that have found them via a Google search, taking them to Chinese domains that attempt to install fake anti-virus software on victims' computers. "The path from the infected websites to the fake anti-virus software drop sites is swift and likely not noticed by the user", Cyveillance said. The sites for the fake anti-virus software were all registered with Chinese registrar TodayNIC.com.

The search results only show up in Google, and are not visible in any other search engines, said Cyveillance.

"It is possible that the attackers took advantage of the ability to submit .xml sitemaps in Google to stimulate the search engine to visit and index the rogue blogs’ postings", said Cyveillance. "A suitable .xml file was found on the sites examined to support this technique."

eSoft, investigating the matter further, found over 800 000 active URLs acting as rogue blog middleman sites.

 

This article is featured in:
Internet and Network Security Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water