SonicWALL found 6,600 malicious URLs attacking the top search terms, including "what time do the oscars start 2010" and "disney princess half marathon." As many as nine of these terms are under attack at any one time. More than 60 malicious URLs for the princess query appeared on Google's top 30 search results between March 7 and 8, and 34 malicious URLs for the Oscars query.
Why the spike in malicious URLs? "Based on the search terms that we observed, this jump can be correlated with huge public interest in finding out news related to Oscar awards," says Deepen Desai, lead malware researcher for SonicWALL. "A major spike was observed during the weekend of March 6 to 7, 2010. At one point, there were 1,200 malicious URLs appearing in the first 30 search results for the top Google search terms -- and close to 50 percent of those were related to Oscars-related search terms."
Desai says SEO poisoning attacks continue to be popular and successful because the bad guys know the latest news drives user interest. "And most of these malicious URLs appearing in the search results are compromised sites that appear legitimate," he says.
The malicious URLs mostly are spreading rogue antivirus applications, he says. "Most often these malicious URLs lead to a fake antivirus scan animation screen that alerts the users with fake detection of malware on [their] machine. It further prompts the user to download and purchase full version in order to fix the issues," he says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.