Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: SEO poisoning on TV show - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SEO poisoning on TV show

An ISC reader, thanks Paul, notified us about a new SEO (Search Engine Optimization) poisoning attack doing the rounds in the last 6-8 hours. We have talked about this kind of attacks in the past, although they were mainly focused on other hot technological topics, major tragedies, or events. This time, the topic to get on top of the search engines result page is a TV reality show. Specifically, there is a TV show premiere in the US tonight called "Billy the Exterminator". The "wiki billy the exterminator" search term in Google (USE WITH CAUTION: http://www.google.com/search?q=wiki+billy+the+exterminator) shows the poisoning attack.

The compromised sites present the following URL format: /FILE.php?PARAM=billy%20the%20exterminator%20wiki, where FILE is most commonly a three letter file name, and PARAM is an input parameter (one or multiple characters). The affected sites are using a drive by attack, providing victims a fake AV warning message that drives them to download a piece of malware: "Warning! Your computer is vulnerable to malware attacks. We recommend you to check your system immediately. Press OK to start the process now.".

If you manage, or know someone that manages any of the affected sites, we would like to get details about the compromise in order to confirm the vulnerability exploited to get into . Please, send details through our contact page.(PHP related)

--
Raul Siles (www.raulsiles.com)
Taddong is comming soon...

Raul Siles

152 Posts
Seems like the redirects are heading towards CNN.

-A
Anonymous

Sign Up for Free or Log In to start participating in the conversation!