Google Trends Labs Abused By Cybercriminals To Spread Malware
According to a recent advisory issued by Webroot, cybercriminals are exploiting search engines by monitoring the peak traffic for popular search queries using Google Trends Labs and syndicating the keywords in order to acquire the traffic and direct it to malware-serving blogs, primarily hosted at Windows Live’s Spaces.
For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day’s most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign, said Paul Piccard, director of Threat Research, Webroot. These highly relevant news stories and videos are being posted to the hackers’ fake blogs to increase the site’s Google search rankings.
These fraudulent blogs contain several video links about the news story for which the users were originally searching. Once a user clicks on one of the video links, they are prompted to download a video codec that downloads a rogue antispyware program designed to force the user into purchasing an illegitimate program that may put their personal information and data at even greater risk.
Upon clicking on a Windows Live Spaces link on a search engine results page, users are shown an ActiveX Object Error message that attempts to trick them into installing TrojanDownloader:Win32/Zlob.AMV. To ensure that their fake blogs get crawled in the shortest time frame possible, so that they can better abuse the momentum peak of the search query, the hackers are taking advantage of pre-registered blogs at popular blogging platforms, which Google crawls almost in real time. Syndicating keywords in order to serve malware is not an isolated event: several hundred currently active blogs are doing exactly the same as soon as Google Trends refreshes its hourly feed.
Malware campaigns have been taking advantage of pure SEO (search engine optimization), and mostly blackhat SEO techniques, throughout 2008. The difference between the ongoing campaign and previous ones is that the current approach has a higher probability of attracting generic search traffic, since it relies on the world’s most popular search engine to tip the attackers off on what the world has been searching for during the past hour.
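The chain described above (a search result, then a blog on a hosted blogging platform, then an executable "codec" download) can be looked for in web proxy logs. The following Python is an added example, not part of the Webroot advisory or the original post; the log layout, host patterns, file extensions and five-minute window are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumptions, not from the article: host patterns, extensions, time window.
SEARCH_RE = re.compile(r"^(www\.)?google\.[a-z.]+$|^search\.(live|yahoo)\.com$")
BLOG_SUFFIX = "spaces.live.com"
EXEC_EXT = (".exe", ".msi", ".scr")
WINDOW = timedelta(minutes=5)

# Constructed sample proxy log, one request per line: timestamp client url referer
SAMPLE_LOG = """\
2008-10-01T10:00:02 10.0.0.5 http://example-blog.spaces.live.com/blog/post1 http://www.google.com/search?q=bailout+video
2008-10-01T10:00:40 10.0.0.5 http://video-codec.example/setup/codec.exe http://example-blog.spaces.live.com/blog/post1
2008-10-01T10:01:00 10.0.0.7 http://friend.spaces.live.com/photos -
2008-10-01T10:02:00 10.0.0.7 http://vendor.example/tool.exe http://vendor.example/downloads
2008-10-01T10:03:00 10.0.0.9 http://news.spaces.live.com/blog/x http://www.google.com/search?q=debate
2008-10-01T10:30:00 10.0.0.9 http://vendor.example/update.exe http://vendor.example/
"""

def is_blog(host):
    """True for the blog platform itself or any blog hosted under it."""
    return host == BLOG_SUFFIX or host.endswith("." + BLOG_SUFFIX)

def find_chains(log_text):
    """Return (client, blog_url, download_url) for each
    search -> hosted blog -> executable download sequence inside WINDOW."""
    pending = {}  # client -> (time, url) of its last search-referred blog visit
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, url, referer = parts
        when = datetime.fromisoformat(ts)
        host = urlparse(url).hostname or ""
        ref_host = urlparse(referer).hostname or ""  # "-" parses to no host
        if is_blog(host) and SEARCH_RE.match(ref_host):
            pending[client] = (when, url)
        elif urlparse(url).path.lower().endswith(EXEC_EXT) and client in pending:
            seen, blog_url = pending[client]
            if when - seen <= WINDOW:
                hits.append((client, blog_url, url))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print("suspicious chain:", hit)
```

Correlating by client and time rather than by the download's referer keeps the check working when the video link passes through an intermediate site before the codec prompt.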