Poisoned search results capitalize on Conficker's popularity

For weeks, cybercrooks have been leveraging the internet's most popular search terms to boost the results ranking of their bogus anti-virus-hawking websites.

For example, the death of actress Natasha Richardson was one of the latest search terms used to distribute a class of malware known as "scareware." Now, with the notorious Conficker worm set to be called into action next week, the worlds of pop culture and security are colliding.

Sensing that many curious computer users are going to be searching the web for details on the infectious worm, the authors of rogue anti-virus programs -- which, once installed, attempt to scare users into purchasing non-working products out of fear their machines are infected -- are employing search engine optimization tactics to hit as many people as possible. This includes building their malicious sites to include keywords related to Conficker, Symantec Security Response researchers said this week.

"Let's say you are curious about Conficker, or you think your computer might be infected by Conficker," Symantec's John Park wrote Wednesday on a company blog. "By simply searching [Google] for 'Conficker C,' page one of the results includes a link to an infected site being used to spread a fake anti-virus program."

"Even though we do not think the author of this rogue application is related to the author of Conficker, this incident shows us that the authors and affiliates of misleading applications don't want to miss a single opportunity to capitalize on established media attention," Park added.

Mark Harris, global director of SophosLabs, told SCMagazineUS.com on Wednesday that these fake anti-virus programs are becoming more rampant, and their creators may be using automated techniques to inject timely search terms into their websites.

A Google spokesman told SCMagazineUS.com on Thursday that the internet giant is constantly monitoring the web for poisoned search results.

"We work hard to protect our users from malware," he said. "We've removed many of these types of results from our search index. However, this issue affects more than just Google, as these sites are still part of the general web. In all cases, we actively work to detect and remove sites that serve malware from our index. To do this, we have manual and automated processes in place to enforce our policies."



