Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Various Olympics Related Dangerous Google Searches SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Various Olympics Related Dangerous Google Searches

We have received reports about the (sadly expected by now) search engine poisoning for various Olympics related terms. For example the name of the killed Georgian luge athlete is used to redirect unsuspecting users to fake anti virus and other malicious content. The redirect is browser dependent. Firefox is usually redirected to "qooglesearch.com" (note the 'q' as first letter instead of a 'g'). It is probably advisable to watch out for DNS requests for this domain to spot possible infections. Internet explorer is redirected to a wide range of different domains which apparently are picked at random.

 

Video of the attack

 

------
Johannes B. Ullrich, Ph.D.  - IPv6 Training
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Winter 2019

Johannes

3683 Posts
ISC Handler
Is there anyway to determine all the URLs this type of malware could redirect to?
Anonymous

Sign Up for Free or Log In to start participating in the conversation!