The Poisoned Web
By Christopher Nickson
November 30, 2007
Hijacked search results lead users to booby-trapped web sites.
It’s a scam within a scam, certainly ingenious, and very dangerous for the computers of those who fall for it.
First of all, search results are subverted so that infected pages are highly ranked when a user looks for such things as “Christmas gifts” or “hospice.” Then, when someone goes to the site, they’re infected with malware that could not only hijack the machine into a botnet but also steal all manner of personal data.
If it were a few isolated incidents, that would be bad enough, but it’s a concerted, massive campaign, according to Sunbelt Software, one of the security companies that uncovered the problem.
Literally tens of thousands of domains were involved in this, the BBC reported. Although hosted in the US, they were registered in China, and most were very recent. They all contained malware geared to exploit vulnerabilities in Internet Explorer.
How did they manage to climb the search rankings? Quite simply, they used blog comments to convince the indexing software used by Live Search, Yahoo and Google that they were popular sources of information on particular topics. Interestingly, although the sites were indexed by both Yahoo and MSN, they were coded only to show up if someone searched using Google, and many topics were covered.
“You could be searching for really innocuous things and get nailed,” Alex Eckelberry, head of Sunbelt Security, told the BBC. “There was really nasty stuff in there. If there’s any message from this I can scream from the rooftops, it’s make sure you patch your machine.”
Another firm, Trend Micro, discovered other booby-trapped sites.
It took about 24 hours before Google began removing the infected sites from its searches, but as of yesterday it was believed that some were still appearing in searches on Yahoo and Microsoft’s Live Search.
Was this an isolated event? Analysts believe not, and warn us to prepare for more – and worse – in the future.