This new trend underlines how cyber-crime is becoming increasingly professional. Previously, cyber-crooks would use malicious SEO (Search Engine Optimization) or "blackhat SEO" techniques to improve the ranking of their pages among popular search engines. Now, they are beginning to use their own search engines which lead users directly to pages designed to infect or defraud them. One such malicious search engine, detected by PandaLabs, has already received approximately 195,000 visits.
These search engines operate as follows: When users enter a search term, the engine returns just five or six results. Clicking on any of these results will redirect the user to a Web page created specifically to distribute malware. The pages may include content such as pornographic videos, which ask users to download the latest version of "Web media player" in order to watch the clip. However, the file downloaded is really the adware WebMediaPlayer. These pages are also being used to distribute fake antivirus programs. You can see an image here: http://www.flickr.com/photos/panda_security/3504323344/
This technique is known as social engineering, and basically involves infecting users by enticing them to click a link or run a malicious file.
"We started searching for words and issues frequently exploited by cyber-crime, in this case swine flu, or celebrity names such as Britney Spears or Paris Hilton and this took us to pages created to distribute malware. But, we then found that even searching for our own names would reveal results that were in fact malicious pages," explains Luis Corrons, Technical Director of PandaLabs. "Strangely though, there is the occasional normal result among all the malicious ones. Perhaps this is to bolster the illusion that this is a genuine search engine."
To avoid falling victim to these attacks, PandaLabs advises users only to use trusted search engines, and to be wary of Web sites offering sensational videos or unusual stories.
"If on this kind of Web site you are asked to download a codec or any other kind of program to watch videos, there is a strong chance that it is really malicious code," warns Corrons.
For images illustrating this new trend, click here: http://www.flickr.com/photos/panda_security/tags/adwarewebmediaplayer/
There is also further information on the PandaLabs blog: http://pandalabs.pandasecurity.com/archive/Swin-flu-and-the-Blackhat-SEO-techniques.aspx
Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.
Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.
More information is available in the PandaLabs blog: http://www.pandalabs.com and the Panda Security website: www.pandasecurity.com/usa.