Vulnerabilities / Threats
06:02 PM
Connect Directly

Google Hot Trends Dictate Malware Targeting

Popular search terms get more dangerous, a security report finds. And crossword puzzle players should be particularly vigilant.

Spammers and scammers are increasingly using Google to identify topics that will tempt people to open malicious messages and click on malicious links. They're also gaming Google's search system to target people seeking answers to The New York Times crossword puzzle.

"In July, there was an increased prevalence of spammers utilizing Google's trending topic information as a method to determine new social engineering tactics," says the August threat forecast issued by MX Logic, a messaging security company.

Google Hot Trends provides a periodically updated list of the top 100 search queries. Using this information, cyber criminals can create links associated with trending search terms on various Web sites that point back to their malicious site.

Because Google's PageRank algorithm treats links as votes for higher prominence in search results lists, malicious sites can be promoted to the top of search results pages by gaming Google's system. This tends to generate a lot of traffic due to the popularity of the search terms.

This isn't a new problem for Google, which has been dealing with link spam and PageRank manipulation for years. In a blog post in February, Craig Schmugar, threat research manager for McAfee Avert Labs, noted that Google Trends was being used to target malware and that Google subsequently appeared to have removed the malicious pages from its index.

"We work hard to protect our users from malware," a Google spokesperson said in an e-mailed statement. "Many of these results have been removed from our index. However, this issue affects more than just Google, as these sites are still part of the general Web. In all cases, we actively work to detect and remove sites that serve malware from our index."

Google says that it uses manual and automated processes to deal with such issues and that it continues to look for new ways to prevent the problem.

A highly-targeted form of interest-driven attacks is being directed at people who use Google to help them solve The New York Times crossword puzzle. Google searches for puzzle clue phrases have started returning links to malicious Web sites.

According to The New York Times, one of the paper's legal counsels explained in an e-mail that the scam works because of the rarity of the phrases used as crossword puzzle clues. Creators of malicious sites can easily appropriate puzzle phrases to make their sites rank prominently in Google searches.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.