Web users warned of 'search engine poison'

kiwi_2005 · 10-04-11, 10:53 PM

Geezus I'm in the wrong business

Quote:

''There was a Latvian gang recently busted by the FBI, operating in something like 12 jurisdictions. They were selling fake spy-ware and in a year they'd made 72 million US dollars. ''I think the average [scam per victim] was $75 so that's just short of a million people.

You delete spam emails straight away. You don't visit dodgy looking websites. You're generally a pretty well-informed internet user. In other words, you're the kind of person targeted by scammers for search engine poisoning.
And if you've been a victim, you might not know it.
Computer security expert Paul Ducklin said internet users were becoming more savvy and less likely to fall for infamous email scams, but often made the mistake of blindly trusting search engines.
Mr Ducklin, of computer security firm Sophos, spoke about search engine poisoning at the National Identity and Hi Tech Crime Symposium on the Gold Coast today, hosted by Queensland Police's State Crime Operations Command Fraud and Corporate Crime Group.
Scammers are taking advantage of internet users' trust in search engine results with a technique called search engine poisoning - a method that earlier this year netted a Latvian gang more than $72 million.

Here's how they do it - and what you should look out for.

'THREE-FACED' WEBSITES
Mr Ducklin said a common technique often used by scammers was to hack into a website and essentially split it into three by modifying what it will look like depending on who the user is.
''They can tell one story to the search engine, give a second set of content to a legitimate, routine visitor to the site so it looks kosher, and give someone who comes as a result of doing a search different content,'' he said.
While the website looks fine to those who arrive directly, users who click through to the site via a search engine are redirected to an entirely different website that might either scam them or expose their computer to a virus.
The search engine itself is fed incorrect information about what the site contains, meaning the site has been manipulated into appearing in whichever search results the hackers decide.
Splitting the site means it's difficult for the website's hosts to know if they've been hacked, Mr Ducklin said, because they're visiting their site directly - not via a search engine - and therefore see only the legitimate version.

A SCAM IN SHEEP'S CLOTHING
After the website has been hacked to transfer search engine results to a different site, one of the most common techniques is to direct users to what appears to be a porn website, Mr Ducklin said.
''It's a fake porn site that then pops up with a fake virus alert that does a scan, says something like '55 virus alerts found' and asks you if you want those files removed," he said.
''And of course when you click yes, I want to clean up my computer, it's no longer free of charge.''
Mr Ducklin said scammers went to lengths to mimic legitimate virus software that users are familiar with.
''When it comes to payment time they behave exactly like the software offers you're used to seeing. They'll say it's $49 for now but here's a one-time special offer for an extra $19.95. That's how un-suspicious they are.''

Mr Ducklin said by keeping the prices relatively low compared to other internet scams, scammers gained trust as alarm bells were less likely to ring for the victim.
''A lot of users don't think they've been scammed,'' he said.
''They think 'oh, I wish I didn't have to pay that $49' but they don't think it's a scam.
''There was a Latvian gang recently busted by the FBI, operating in something like 12 jurisdictions. They were selling fake spy-ware and in a year they'd made 72 million US dollars.
''I think the average [scam per victim] was $75 so that's just short of a million people.
''It's not just the huge, high-volume frauds that matter. These are small frauds multiplied a million times.''

TRENDING TOPICS HIJACKED
Mr Ducklin said another trick was to use those hot trending topics, like those found on Google or Twitter.
''Things like natural disasters, major scale arrests, royal weddings, anything that has a momentary blip about it. At that point [when the news first breaks] there's no site that has a search engine history for the topic,'' he said.
Mr Ducklin said websites with a history are more trusted by search engines and are more likely to appear in the top of search results, and therefore be trusted by users as a safe website.
Scammers who hacked established websites with a good search engine history can manipulate the information given to the search engine so what appears in the search results will be related to the trending topic, while the website itself contains no information related to the topic.
When users click on the link, they're then automatically redirected to a bad website that might be a scam, or might force their computer to download malware, he said.
''That's called a drive-by install and it's where you go to a site that tries to trick your browser into downloading a virus, or it offers you a download under false pretences - such as in order to watch this video of Will and Kate's royal wedding you need to download a different media player," Mr Ducklin said.
''You're either tricked into installing malware or tricked into paying for software that does nothing.''
And for users who are scammed into downloading fake virus software, there's a further risk.
''Of course if you don't realise the software is fraudulent you believe your computer's got a clean bill of health. So you're at risk again.''
- Brisbane Times

Source
http://www.stuff.co.nz/technology/di...-engine-poison

Ducimus · 10-05-11, 02:16 PM

Yeah I've run into this sort of thing at work. One parrticuarlly memorable one was "PS Guard". Which was a rogue Security software. Acted like a normal antivirus, when what it really did was install crap on your PC, which it then asked for money to remove, as the PS guard was a trial version or some such crap. As i recall, searching for the individual entries PS Guard reported, also led to specialized software that would remove it for a fee. Was a pretty nice money grabbing circle jerk with this gurella ware that refused to go away as the pivot man. Umpteen entries in the system regestry, DLL files, etc.. It was a royal bitch to get rid of it.

Couple wiki entries for further reading:
http://en.wikipedia.org/wiki/Rogue_security_software
http://en.wikipedia.org/wiki/List_of...urity_software

the_tyrant · 10-05-11, 02:52 PM

all I have on my computer is porn
I am not worried

soopaman2 · 10-12-11, 11:24 AM

Quote:

Originally Posted by the_tyrant

all I have on my computer is porn
I am not worried

I am so happy hard drive space is as cheap as it is

......

**cough**

I mean uhh..PERVERT!

10-05-11, 02:52 PM	#3
the_tyrant Admiral Join Date: Jun 2010 Location: Canada Posts: 2,272 Downloads: 58 Uploads: 0	all I have on my computer is porn I am not worried __________________ My own open source project on Sourceforge OTP.net KGB grade encryption for the rest of us

10-05-11, 02:16 PM	#2
Ducimus Rear Admiral Join Date: May 2005 Posts: 12,987 Downloads: 67 Uploads: 2	Yeah I've run into this sort of thing at work. One parrticuarlly memorable one was "PS Guard". Which was a rogue Security software. Acted like a normal antivirus, when what it really did was install crap on your PC, which it then asked for money to remove, as the PS guard was a trial version or some such crap. As i recall, searching for the individual entries PS Guard reported, also led to specialized software that would remove it for a fee. Was a pretty nice money grabbing circle jerk with this gurella ware that refused to go away as the pivot man. Umpteen entries in the system regestry, DLL files, etc.. It was a royal bitch to get rid of it. Couple wiki entries for further reading: http://en.wikipedia.org/wiki/Rogue_security_software http://en.wikipedia.org/wiki/List_of...urity_software