Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Limited Malicious Search Engine Poisoning for Election

Published: 2010-11-02
Last Updated: 2010-11-02 21:36:09 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

We have seen a couple of instances of search result poisoning for election related search terms. Right now, this is not wide spread but of course depends largely on the search terms you use.

One affected domain appears to be "digicube.biz" and malicious results are already blocked on Google. The malicious results use the search term as part of the URL, probably in an attempt to achieve a higher ranking (we have seen this before).

For example for the search term "2010 election results", you may get:

digicube.biz/..../news=2010-election-results  (parts removed to protect our readers)

At this point, these links do not show up very high in Google's ranking for these search results. If you find more polluted search terms, please let us know. Websense published a blog post with a few more details and search terms [1].

[1] http://community.websense.com/blogs/securitylabs/archive/2010/11/01/rogue-av-rides-the-US-midterm-elections-wave.aspx

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

2 comment(s)
Diary Archives