aBe very alert using Google, Bing or Yahoo Search to look up recipes for your Fourth of July celebrations this weekend. Achal Khetarpa, research director at antivirus firm CyberDefender, just typed "4th July dessert recipes" as a Bing query and got to this innocuous, but highly invasive result:
At this point, the fake scan/alert is running inside whatever web browser you happen to be using, says Randy Abrams, director of technical education at antivirus firm Eset. Once you get to your Task Manager, hit the "applications" tab; and find your browser; then force-quit the browser by clicking "end task."
"If the user is running Internet Explorer they need to end Internet Explorer, " says Abrams. "If they are running Firefox, then end Firefox, Safari, end Safari, if Chrome, then end Chrome."
The selling of scareware has morphed into a outrageously lucrative criminal enterprise. Panda Security estimates that scareware generates some $34 million a month in revenue for a cottage industry of elite gangs and enterprising specialists. Panda's estimate was affirmed by the bust of the Innovative Marketing gang; federal regulators documented that the gang banked $163 million in sales from 2006-2008.
So-called Black Hat SEO (search engine optimization) attacks that disperse poisoned search results have become a very popular way to spread scareware. Such attacks "are automated and take place every single day," says PandaLabs researcher Sean-Paul Correll. "It currently is the main delivery method" for scareware.
Google is the primary target, since it accounts for 65% of U.S. searches, but the techniques hackers are using to poison search results work well on any search engine, says Andrew Brandt, threat research analyst at antivirus firm Webroot. "This has been extremely pervasive since the middle of 2009," says Brandt. "The fact that, nowadays, virtually any search result can contain malicious links is a sign that those engaged in this practice have become expert search engine manipulators."
The bad guys typically use free analytics tools supplied by Google to keep abreast of Google's top trending topics, says Roel Schouwenberg, senior analyst at Kasperky Lab. Recent trending topics for which the bad
No comments:
Post a Comment