Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Google Search Campaign InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Google Search Campaign

Published: 2007-11-28
Last Updated: 2007-11-28 23:06:30 UTC
by Mari Nichols (Version: 4)
0 comment(s)

Computerworld is reporting a "large scale, coordinated campaign to steer users toward malware-spewing Websites from Google search results is under way."  

  • They are quoting approximately 40,000 pages may be hosting malware. 
  • 27  different domains are involved.
  • Each with up to 1499 malicious pages.
  • Tactics Used per Sunbelt:
    • "comment spam" - bots hide in comment sections with links
    • "blog spam" -bogus blog posts
    • plug links into any web form requesting a link

Please let us know if you are seeing this activity via our contact page.

Thanks, Mari Nichols

UPDATE:  Google is not the only search engine affected.  Yahoo and Microsoft Live and others are being subverted.

UPDATE:  Google for one has cleaned up their database. They are currently no longer returning these .cn pages for the queries affected.

UPDATE:  Live Search has submitted the changes necessary to yank these URLs from the database.

Keywords:
0 comment(s)
Diary Archives