Poisoned search results capitalize on Conficker's popularity

Share this article:
For weeks, cybercrooks have been leveraging the internet's most popular search terms to boost the results ranking of their bogus anti-virus-hawking websites.

For example, the death of actress Natasha Richardson was one of latest search terms used to distribute a class of malware known as "scareware." Now, with the notorious Conficker worm set to be called into action next week, the worlds of pop culture and security are colliding.

Sensing that many curious computer users are going to be searching the web for details on the infectious worm, the authors of rouge anti-virus programs -- which, once installed, attempt to scare users into purchasing non-working products out of fear their machines are infected -- are employing search engine optimization tactics to hit as many people as possible. This includes building their malicious sites to include keywords related to Conficker, Symantec Security Response researchers said this week.

"Let's say you are curious about Conficker, or you think your computer might be infected by Conficker," Symantec's John Park wrote Wednesday on a company blog. "By simply searching [Google] for 'Conficker C,' page one of the results includes a link to an infected site being used to spread a fake anti-virus program."

"Even though we do not think the author of this rogue application is related to the author of Conficker, this incident shows us that the authors and affiliates of misleading applications don't want to miss a single opportunity to capitalize on established media attention," Park added.

Mark Harris, global director of SophosLabs, told SCMagazineUS.com on Wednesday that these fake anti-virus programs are becoming more rampant, and their creators may be using automated techniques to inject timely search terms into their websites.

A Google spokesman told SCMagazineUS.com on Thursday that the internet giant constantly is monitoring the web for poisoned search results.

"We work hard to protect our users from malware," he said. "We've removed many of these types of results from our search index. However, this issue affects more than just Google, as these sites are still part of the general web. In all cases, we actively work to detect and remove sites that serve malware from our index. To do this, we have manual and automated processes in place to enforce our policies."




Share this article:

Sign up to our newsletters

More in News

Feds warn health care sector of looming cyber attacks

The FBI believes that the lax security systems that the health care industry has in place make it a prime target for cyber attacks.

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.