Posted by: Robert Westervelt
SEO attacks; rogue antivirus
People searching for news about Tiger Woods’ personal problems could find themselves in a world of hurt.
Those eager to learn about Tiger Woods’ personal problems may gain some issues of their own if they click on a poisoned link that appear in some search results. The famous golfer, who crashed his car and is reportedly having family problems has resulted in a spike in search engine traffic. That spike in traffic undoubtedly has attackers seeing dollar signs.
Security vendor F-Secure highlighted search engine optimized attacks using searches for Tiger Woods to spread rogue antivirus software. in a YouTube video Sean Sullivan from F-Secure Security Labs demonstrates the SEO attacks. Using a Mozilla Firefox browser, Sullivan entered the search query “Tiger Woods accident rumors” in Google.
The results included a link to a handgun website in Charlotte, North Carolina and a small church in West Virginia – websites that are not malicious, but don’t have a dedicated Web admin team keeping them secure. The hackers found a website flaw in each of the sites, and injected PHP code in them to conduct drive-by attacks.
The good news is that Firefox identified the two sites as a “reported attack website.” But Internet Explorer users will have their browser crash as Sullivan demonstrates in the video. A pop-up message appears warning that the computer is infected with malware. If the user clicks ok a phony antivirus scan takes place showing malware it detected. A file is then pushed out, believed to be a rogue antivirus program.
While the attack is not new, the ease in which a user of Internet Explorer can be duped into believing they have been infected is amazing to see especially if the user is not technically savvy. Sullivan urges people to use Google News to conduct their search, since many legitimate news sites have Web admin teams protecting them.