Welcome to WebmasterWorld Guest from 54.167.83.224

Message Too Old, No Replies

Coordinated campaign to rank malware pages on Google?

     
3:27 am on Nov 28, 2007 (gmt 0)

Full Member

10+ Year Member

joined:Dec 18, 2004
posts:321
votes: 0


A large-scale, coordinated campaign to steer users toward malware-spewing Web sites from Google search results is under way, security researchers say.
Gregg Keizer, Computerworld

Article on PCWorld
[pcworld.com...]

4:14 am on Nov 28, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


"So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."

Hmmm... that's not exactly massive in my book. The article says "many of the malicious URLs are just a jumble of characters, with China's .cn top-level domain at their ends." Sounds like PCWorld is just now catching up with our discussion from September [webmasterworld.com]. If so, they're really late to the party and that's why they only found 27 domains. Google's has already been onto this scheme for many weeks.

4:27 am on Nov 28, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 24, 2005
posts:1009
votes: 0


Ha. Slow news day.

That goes along with a report by NBC that <in a stocking voice>
"Companies even go so far as to buy ads on Google to get #1 placement for CyberMonday and the holiday season!"

Is MSM really that far behind the "internet" curve, still?

1:33 am on Nov 30, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 8, 2001
posts:766
votes: 0


< Admin note: This new story indicates that something new
has been going on - much more than we first thought. >

[news.bbc.co.uk...]

The BBC reports that Google has taken down tonnes of domains carrying malicious code. Most of the domains seem to be the previously discussed chinese domain extension and showing up at the top of the SERPs for innocent searches.

What seems interesting but the article doesn't explain fully is that it appears the malicious code only appears from Google referals. MSN and Yahoo referals don't seem to trigger it.

[edited by: tedster at 2:02 am (utc) on Nov. 30, 2007]

2:48 pm on Dec 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 8, 2001
posts:766
votes: 0


A followup to this post, looks like the groups involved have launched a fresh new attack after google purged the original results:

[theregister.co.uk...]

They appear to be pushing Spy-shredder, a malicious app pretending to be a Spyware buster on pages usually on a large amount of fresh .cn domains, with numbered html pages.

There is a very good explination of the attacks here:
[sunbeltblog.blogspot.com...]

< note: the Register article
also links to the Sunbelt Blog >

[edited by: tedster at 5:28 pm (utc) on Dec. 1, 2007]

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members