    An apartment in Moscow…

    The hacker known only as “DigitalVoid” hit the Enter key and watched as his script deployed the exploit to the thousands of compromised sites under his control. The exploit in question was a zero day for a very popular browser plug-in, and it had not come cheap, setting him back almost US$10,000. But when he considered the number of machines that were going to be under his control by the end of the night, he realized that it was a very small price to pay. Earlier that day, he had used search engine optimization (SEO) poisoning techniques to ensure that all of his sites were the top-ranking results for particular search terms—ones that no one looked for before, but which by the end of the night were going to be the hottest topics on the planet.

    Later that night in a pub in London…

    The pub was modestly full of customers whose eyes were fixed on the TV as the football match entered its last 10 minutes. Suddenly the game was interrupted by an urgent news flash, and a news reporter came on screen looking like he had just been thrown in front of a camera with about 2 minutes’ notice. The banner scrolling across the screen read “Series of massive explosions rocks Moscow—Terrorists suspected.”

    At the same time in Moscow…

    DigitalVoid smiled with satisfaction; all five of the explosives had detonated as expected. He had taken great care to place them in unpopulated areas so there would be no danger of hurting anyone. After all, he was not targeting people; he was after publicity. The bombs were pretty simple to put together after watching some Internet tutorials and gathering the readily available ingredients.

    Right on schedule, the Number of bots field in DigitalVoid’s botnet control panel started to rapidly clock up. He reckoned that only a handful of people had ever searched for “five explosions in Moscow” before tonight but the whole world was doing so now.

    OK. So, a lot of the events written above are fictional. The chances of a hacker actually blowing up something in the real world are pretty slim, but cybercriminals use the exact same attack model every day. If you came across an Internet hoax in the past year or so, chances are that it was related to a targeted SEO attack.

    The scenario is quite simple:

    • Cybercriminals want to direct as many victims as possible to their malicious pages.
    • Cybercriminals know users are interested in celebrities and current events.

    Unfortunately for cybercriminals, the likelihood of making their sites one of the top 10 search results for a particular celebrity is very low. After all, the top 10 will be taken up by legitimate sites related to that person.

    However, if cybercriminals first poison a search term related to that person (for example, searches related to the deaths of Eminem, Bill Cosby, or Johnny Depp) then start to circulate the corresponding hoax via email and social networking sites, they can suddenly use the celebrities’ popularity to attract people to their malicious attack pages.

    While Internet hoaxes have certainly been around much longer than SEO poisoning, they do provide an extra weapon for cybercriminals—using an old trick in order to make a profit. While the stories are completely bogus, they are designed to make readers fire off a quick online search that will lead them to cybercriminals’ pages.

    Obviously, the story at the start was the more “Hollywood” version of such an attack. If any studio is interested, give me a call. But anytime you come across a story that seems too shocking to be true, think before you click that search result.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice