7/28/2009
06:02 PM

Google Hot Trends Dictate Malware Targeting

Popular search terms get more dangerous, a security report finds. And crossword puzzle players should be particularly vigilant.

Spammers and scammers are increasingly using Google to identify topics that will tempt people to open malicious messages and click on malicious links. They're also gaming Google's search system to target people seeking answers to The New York Times crossword puzzle.

"In July, there was an increased prevalence of spammers utilizing Google's trending topic information as a method to determine new social engineering tactics," says the August threat forecast issued by MX Logic, a messaging security company.

Google Hot Trends provides a periodically updated list of the top 100 search queries. Using this information, cyber criminals can create links associated with trending search terms on various Web sites that point back to their malicious site.

Because Google's PageRank algorithm treats links as votes for higher prominence in search results lists, malicious sites can be promoted to the top of search results pages by gaming Google's system. This tends to generate a lot of traffic due to the popularity of the search terms.

This isn't a new problem for Google, which has been dealing with link spam and PageRank manipulation for years. In a blog post in February, Craig Schmugar, threat research manager for McAfee Avert Labs, noted that Google Trends was being used to target malware and that Google subsequently appeared to have removed the malicious pages from its index.

"We work hard to protect our users from malware," a Google spokesperson said in an e-mailed statement. "Many of these results have been removed from our index. However, this issue affects more than just Google, as these sites are still part of the general Web. In all cases, we actively work to detect and remove sites that serve malware from our index."

Google says that it uses manual and automated processes to deal with such issues and that it continues to look for new ways to prevent the problem.

A highly targeted form of interest-driven attack is being directed at people who use Google to help them solve The New York Times crossword puzzle. Google searches for puzzle clue phrases have started returning links to malicious Web sites.

According to The New York Times, one of the paper's legal counsels explained in an e-mail that the scam works because of the rarity of the phrases used as crossword puzzle clues. Creators of malicious sites can easily appropriate puzzle phrases to make their sites rank prominently in Google searches.
