Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 3rd, 2008

Google Trends Labs Abused By Cybercriminals To Spread Malware

According to a recent advisory issued by Webroot, cybecriminals are exploiting the search engines by monitoring the peak traffic for popular search queries using Google’s Trend Labs and syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live’s Spaces.

For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day’s most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign, said Paul Piccard, director of Threat Research, Webroot. These highly relevant news stories and videos are being posted to the hackers’ fake blogs to increase the site’s Google search rankings.

These fraudulent blogs contain several video links about the news story for which the users were originally searching. Once a user clicks on one of the video links, they are prompted to download a video codec that downloads a rogue antispyware program designed to force the user into purchasing an illegitimate program that may put their personal information and data at even greater risk.

Upon clicking on a Windows Live Spaces link in search engine results page, users are exposed to ActiveX Object Error message that is attempting to trick them into installing TrojanDownloader:Win32/Zlob.AMV. In order to ensure that hackers fake blogs will get crawled in the shortest time frame possible so that they can better abuse the momentum peak of the search query, they’re taking advantage of the pre-registered blogs at popular blogging platforms which Google is crawling almost in real-time. Syndicating some keyword in order to serve malware is not an isolated event, with several hundred currently active blogs doing exactly the same as soon as Google Trends refreshes its hourly feed.

Malware campaigns have been taking advantage of pure SEO (search engine optimization), and mostly blackhat SEO techniques, during the entire 2008. The difference between the ongoing campaign and previous ones, is that the current approach has a higher probability of attracting generic search traffic since it’s relying on the world’s most popular search engine to tip them on what has the world been searching for during the past hour.

Share this article with others:

More on CyberInsecure:
  • Google Video Search Results Poisoned To Serve Malware
  • Google Code Project Abused By Spam And Malware
  • Malicious Firefox Add-on Spies On Google Search Results
  • Old Facebook Worm Using New Ways To Spread By Abusing Google Reader And Picasa Websites
  • Microsoft Update Disables AutoRun On Older Windows

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Google Trends Labs Abused By Cybercriminals To Spread Malware

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.