Attack Of The Fake Search Results
A massive attempt to defraud search users was thwarted yesterday, according to the BBC. Hackers created thousands of booby-trapped Web sites that tricked Google, MSN and Yahoo search crawlers into ranking them very high. The hackers used comment spam on blogs to achieve the high results. The Web sites would come up in search results for terms like “Christmas gifts” and “hospice,” the report said. Users who clicked on these fake sites risked having their computers hijacked and their personal information stolen.
However, the attack was uncovered yesterday. “This was fairly epic,” said Alex Eckelberry, who heads Sunbelt Software, one of the firms that uncovered the attack. Eckelberry said tens of thousands of domains were used in the attack and that most were Chinese registered and hosted in the U.S. He said the attack could be a harbinger of many more to come.
As usual, the malicious software exploited weaknesses in Microsoft’s Internet Explorer. “If your machine was not fully patched, you were going to get hosed,” Eckelberry said. He added that the fake Web sites were only programmed to show on Google.com, even though Yahoo and MSN’s crawlers also indexed them. From MediaPost Link to BBC