According to a security research firm's report issued on Tuesday, Google, Yahoo, and Microsoft Live Search are currently the target of a large-scale, organized attack campaign designed to steer online searchers towards malware-laden websites.
Chances are, if you do any significant amount of searching, you may even run across some of these dangerous search results. Hundreds of legitimate search phrases have already been found to pull up links near the top of the results listings that lead straight to the malicious sites. Sunbelt Software says it has already found 27 different domains, each containing up to 1,499 bad pages. That's about 40,000 potential pages, which is a pretty big number.
So just how did these malware sites manage to worm their way to the top of the SERPs? The researchers believe that the sites had their rankings boosted through questionable tactics such as comment and blog spam. It is believed that the yet-unidentified individuals behind the malware attack likely employed bots to pop links into any web form requesting a URL. So far the researchers have found no evidence to suggest that the attackers bought search terms in order to rank higher, or that they compromised legitimate sites. Nevertheless, the guys over at Google, Yahoo, and MSN are likely none too pleased that they've been manipulated.
Professional and discerning searchers may be able to spot the peculiar results pages, which show up mostly as domains with a jumble of characters in the URL and the TLD .cn at the end, but casual searchers and those new to search may unwittingly fall victim to the malware attacks by clicking the links. Even still, there’s the off chance that you might accidentally click one without realizing it.
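The tell described above (a jumble of characters in the hostname plus the .cn TLD) can be turned into a rough triage filter for result links. This is an added example, not code from Sunbelt or the search engines; the thresholds, function names, and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

VOWELS = set("aeiou")
# Simplification: common second-level labels under .cn, not a full public-suffix list.
SECOND_LEVEL = {"com", "net", "org", "gov", "edu", "ac"}

def looks_jumbled(label):
    """True when a hostname label reads like random characters rather than words."""
    letters = [ch for ch in label if ch.isalpha()]
    if len(label) < 6 or not letters:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters)
    runs = re.findall(r"[b-df-hj-np-tv-z]+", label)
    longest_run = max((len(r) for r in runs), default=0)
    # Assumed thresholds: very few vowels, or five or more consonants in a row.
    return vowel_ratio < 0.25 or longest_run >= 5

def is_suspicious(url):
    """Flag URLs whose registered name is jumbled and whose TLD is .cn."""
    if "//" not in url:
        url = "http://" + url  # accept bare host/path strings too
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or labels[-1] != "cn":
        return False
    name = labels[-2]
    if name in SECOND_LEVEL and len(labels) >= 3:
        name = labels[-3]  # e.g. name.com.cn
    return looks_jumbled(name)

def flag_results(urls):
    """Return the subset of result links that match the heuristic, in order."""
    return [u for u in urls if is_suspicious(u)]

# Constructed sample result links (not taken from the report).
SAMPLE_RESULTS = [
    "http://www.example.com/weather",
    "http://xkqzvbtrw.cn/video.html",
    "http://www.example.cn/news",
    "http://h7f2kd9q.com.cn/player",
    "http://xkqzvbtrw.com/",
]

if __name__ == "__main__":
    for url in flag_results(SAMPLE_RESULTS):
        print("review before clicking:", url)
```

A match is a reason to look closer, not a verdict: short real words with few vowels will occasionally trip the heuristic, and a malicious site on a readable hostname will not.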
Once users click a bad result and land on the malware site, they're often prompted with a fake codec installation dialog. If that doesn't get them, the site is still loaded with dozens of other tactics to infect their computer. From fake toolbars, scareware, rogue software, and more, the sites have it all. One site that the researchers came across even tried to install 25 different bits of malware. Such sites are leaving people vulnerable to installations of spam bots, rootkits, password stealers, and an assortment of Trojan horses, amongst other things.
This latest attack serves as a reminder to make sure that your security and virus protection software are up-to-date, as most of the malware attacks that are part of this campaign are already flagged and recognized by such software. So if you haven't updated lately, now's the time to do it, especially considering that Sunbelt says they've found them to have targeted “every possible search term you could think of.”