David Paine, Technical Services Manager at Castle Computer Services writes:
A rising trend in the area of Information Security from the end of 2009 that is predicted to increase in prevalence even further in 2010 is a technique known as Search Engine Optimisation or an SEO poisoning attack. This occurs when a hacker compromises search engine results to make their links appear higher than legitimate results. This means that as you search for related terms the infected links appear near the top of the search results, generating a greater number of clicks to malicious Web sites, which may subsequently lead to malware being unknowingly downloaded to your computer. In the last year, attackers have used this technique to poison search results on everything from television awards to humanitarian disasters, and so we get to the Haiti earthquake...
The earthquake that hit Haitian capital Port-Au-Prince last week led to a huge rise in related malicious URLs appearing in search engines. One company, Zscaler Research reported that only an hour after the earthquake hit, there was a 1,578 per cent increase in related URLs visited, with a corresponding 5,407 per cent increase in bandwidth usage for ‘Haiti' URLs. On the malware front, it reported as seeing an increase in search engine optimisation (SEO) taking advantage of Haiti earthquake search terms to redirect visitors to rogue anti-virus download sites.
According to Symantec, “The humanitarian crisis caused by the Haitian earthquake has captured the world's sympathies and people are flocking to donate online. Sadly these are exactly the conditions that a cynical scammer would be looking to exploit, as the desire to help can often cloud a person's good judgement. They count on the public's good nature, concern and desire to help, and hope that they won't see through the scam email which they are reading.”
As with other kinds of phishing, scamming and so on, it is much safer to go to known legitimate resources rather than responding to unsolicited requests for help from unverified sources.
Yes it is quite genuine in order to protect users, IT managers and IT solution providers must ensure that users are aware of the dangers that can be posed by something as pedestrian as a Google search. SEO poisoning is an increasingly popular method of attack for cyber criminals and one that shows they are using more sophisticated techniques.
Posted by: computer technician | March 30, 2011 at 06:14 AM
In the last year, attackers have used this technique to poison search results on everything from television awards to humanitarian disasters, and so we get to the Haiti earthquake...
Posted by: jobs online | October 24, 2011 at 03:20 PM