A recent blog post on Secure Home Networks reviewed a major new blackhat SEO malware campaign comprising literally thousands of sites using the .info TLD. There has been much concern raised about this attack, as certain vendors reportedly described the infections as “not disinfectable.”
Blackhat SEO is a highly popular style of attack used by cybercriminals who know that the majority of everyday users cannot identify malicious sites just from looking at the way a URL is built, and that users most often trust the search results presented to them by their chosen search engine. Rogue antivirus programs, or FAKEAV variants, are the type of malware most often seen distributed through blackhat SEO attacks, and such attacks have been rampant over the past years. More information on blackhat SEO and its prevalence can be found in the report we published late last year: How Blackhat SEO Became Big.
As prevalent as blackhat SEO attacks are, they and their related infections do not have to spell doom for users. There is another way.
Tools such as VirusTotal are somewhat useful as a basic indication of protection levels. However, they unfortunately do not reflect an accurate picture of how users are protected today. Many security organizations, including Trend Micro, offer protection above and beyond the traditional file-based antivirus. Increasing numbers of vendors have begun to recognize the importance of cloud-based protection. With cloud-based protection, threats are blocked proactively before users can ever access the website on which they reside.
This was the case in the attack reported by Secure Home Networks. Trend Micro blocked all malicious URLs related to this attack on 25th January, protecting users of the Smart Protection Network by proactively preventing access to the malicious files. However, we didn’t stop there: we blocked all the malicious files (TROJ_AGENT.SMVC, TROJ_AGENT.QMB, and TROJ_AGENT.SMDT) too.
As described in a recent post on our Cloud Security Blog, cloud-based protection, such as that pioneered by Trend Micro, can greatly improve user and corporate security, as attacks are blocked before a malicious file can ever reach your computer or your network.