NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0375 Rogue Operation in November Rigged Google to Deliver
Malware:
Beginning on 24NOV and continuing for less than a week, hackers used Google to deliver
malware to unsuspecting searchers who entered any one of thousands of innocuous and common
search terms. The hackers loaded more than 40,000 web pages with thousands of common search
terms and with malicious software that, with one click, looked for any of a number of
vulnerabilities in a range of programs. The technique can be characterized in three
steps:
- The culprits used botnets to push a dark form of SEO (Search-Engine
Optimization), called a "Google bomb," to boost their sites'
Google rankings.
- The poisoned sites carried JavaScript code designed to stop attacks upon
visitors from other search engines - only visitors that came through a Google
search were hit.
- The manipulated pages contained code to keep the attack sites from appearing
in results when the entered search term included certain expressions commonly
used by security researchers. For example, the security firm Sunbelt had recently
written about using "inurl" and "site," two of the singled-out terms.
(www.pcworld.com 28JAN08)
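Added example (not part of the original advisory or the PCWorld report): a static triage heuristic a defender could run over collected page scripts to flag the referrer gating and researcher-term checks described in the second and third steps. It assumes the gating is visible as a readable document.referrer comparison; the engine list, function names and sample scripts are constructed for illustration.

```javascript
// Added example: static triage for referrer-gated page scripts (heuristic only).
const ENGINES = ["google", "yahoo", "msn", "live.com", "ask.com"]; // assumed list
// The two singled-out researcher search terms named in the advisory.
const RESEARCH_TERMS = ["inurl", "site"];

// Collect the contents of single- and double-quoted string literals, lowercased.
function stringLiterals(src) {
  const out = [];
  const re = /(["'])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  let m;
  while ((m = re.exec(src)) !== null) out.push(m[2].toLowerCase());
  return out;
}

function analyzeScript(src) {
  // Drop comments so commented-out text does not trigger a finding.
  const code = src.replace(/\/\*[\s\S]*?\*\//g, "").replace(/(^|[^:])\/\/.*$/gm, "$1");
  const readsReferrer =
    /document\s*(?:\.\s*referrer\b|\[\s*["']referrer["']\s*\])/.test(code);
  const lits = stringLiterals(code);
  // Engine names may be embedded in a longer literal such as "google.".
  const engines = ENGINES.filter((e) => lits.some((l) => l.includes(e)));
  // Research terms must be the whole literal, so "site map" does not match.
  const terms = RESEARCH_TERMS.filter((t) =>
    lits.some((l) => l.replace(/[:=]+$/, "") === t));
  const findings = [];
  if (readsReferrer && engines.length > 0) findings.push("referrer-gated:" + engines.join(","));
  if (readsReferrer && terms.length > 0) findings.push("research-term-check:" + terms.join(","));
  return { readsReferrer, findings, suspicious: findings.length > 0 };
}

// Constructed sample inputs (not taken from the campaign).
const SAMPLES = {
  analytics: 'var ref = document.referrer; report("/stats", ref);',
  gated: [
    'var r = document.referrer.toLowerCase();',
    'if (r.indexOf("google.") !== -1 && r.indexOf("inurl") === -1 && r.indexOf("site") === -1) {',
    '  next(); // placeholder for whatever the page does next',
    '}',
  ].join("\n"),
  commentedOut: '// if (document.referrer.indexOf("google") > -1) {}\nvar t = "site map";',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(analyzeScript(src).findings));
}
```

Obfuscated or dynamically assembled scripts will not match this heuristic. Treat a hit as a prompt for manual review, not a verdict.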