Poisoned search results capitalize on Conficker's popularity

Share this article:
For weeks, cybercrooks have been leveraging the internet's most popular search terms to boost the results ranking of their bogus anti-virus-hawking websites.

For example, the death of actress Natasha Richardson was one of latest search terms used to distribute a class of malware known as "scareware." Now, with the notorious Conficker worm set to be called into action next week, the worlds of pop culture and security are colliding.

Sensing that many curious computer users are going to be searching the web for details on the infectious worm, the authors of rouge anti-virus programs -- which, once installed, attempt to scare users into purchasing non-working products out of fear their machines are infected -- are employing search engine optimization tactics to hit as many people as possible. This includes building their malicious sites to include keywords related to Conficker, Symantec Security Response researchers said this week.

"Let's say you are curious about Conficker, or you think your computer might be infected by Conficker," Symantec's John Park wrote Wednesday on a company blog. "By simply searching [Google] for 'Conficker C,' page one of the results includes a link to an infected site being used to spread a fake anti-virus program."

"Even though we do not think the author of this rogue application is related to the author of Conficker, this incident shows us that the authors and affiliates of misleading applications don't want to miss a single opportunity to capitalize on established media attention," Park added.

Mark Harris, global director of SophosLabs, told SCMagazineUS.com on Wednesday that these fake anti-virus programs are becoming more rampant, and their creators may be using automated techniques to inject timely search terms into their websites.

A Google spokesman told SCMagazineUS.com on Thursday that the internet giant constantly is monitoring the web for poisoned search results.

"We work hard to protect our users from malware," he said. "We've removed many of these types of results from our search index. However, this issue affects more than just Google, as these sites are still part of the general web. In all cases, we actively work to detect and remove sites that serve malware from our index. To do this, we have manual and automated processes in place to enforce our policies."




Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Company news: New hires at Accuvant, ZeroFox and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.

News briefs: The latest on Sony, Android, Backoff malware and more.

News briefs: The latest on Sony, Android, Backoff ...

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.