News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
Topic: Google search malware attack in progress
« Reply #45 on: November 02, 2010, 14:27:35 »
AplusWebMaster (Global Moderator)

FYI...

SEO Poisoning - Election results...
- http://isc.sans.edu/diary.html?storyid=9868
Last Updated: 2010-11-02 21:36:09 UTC - "We have seen a couple of instances of search result poisoning for election related search terms..."

- http://community.websense.com/blogs/securitylabs/archive/2010/11/01/rogue-av-rides-the-US-midterm-elections-wave.aspx
01 Nov 2010 - "... some search terms related to the ongoing event return sites employing black hat SEO... some of the infected sites already come with a warning.  However, there are still a handful of Web sites that do not have warning messages attached to them. Search terms used in this attack include:
2010 midterm election
midterm election results
midterm election 2010
midterm election latest polls
midterm election 2010
midterm election season
midterm election latest polls gallup

At the time of writing, the black hat SEO'd sites appear benign, only redirecting users to what appears to be a blank page. A closer look at the code reveals that the page contains a URL to a rogue AV site... If you copy and paste this URL in your browser, it will redirect you to the rogue AV download page which prompts the user to download inst.exe, identified by 10 of 43 VirusTotal engines*..."
* http://www.virustotal.com/file-scan/report.html?id=3555b4e4cf38a3061e6338d533129784a322b611d878845ab75b52a0a994d8f8-1288630936
File name: inst.exe
Submission date: 2010-11-01 17:02:16 (UTC)
Result: 10/43 (23.3%)
___

- http://community.websense.com/blogs/securitylabs/archive/2010/11/02/who-has-your-vote-as-malicious-adobe-and-firefox-updates-join-the-rougue-av-election.aspx
2 Nov 2010 - "... we spotted further activity on what appeared to be blank pages from the Black Hat SEO... This particular attack is browser-aware, as the threats are specific to the browser being used... As of the time of writing and publishing this blog, the coverage for the file download prompts for both IE Flash Update* and Firefox Flash update** was about 27.9%* as confirmed by VirusTotal."
(Screenshots available at the URL above.)

* http://www.virustotal.com/file-scan/report.html?id=7e951b746f942c3607872ead9ad1889ebac1471e611e3a9ade482832a08fc60d-1288711379
File name: v11_flash_AV.exe
Submission date: 2010-11-02 15:22:59 (UTC)
Result: 12/43 (27.9%)

** http://www.virustotal.com/file-scan/report.html?id=040b9b05acbb81a8cf0ff75caa3bfeb51e21188c35a56f57ff0d7d130a8c9054-1288711390
File name: firefox-update.exe
Submission date: 2010-11-02 15:23:10 (UTC)
Result: 12/43 (27.9%)

« Last Edit: November 02, 2010, 18:55:21 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.