Google Poisoned Links are Bitter Indeed?



Reports emerged this week from a Holland-based internet security consultant, Dancho Danchev, of a new technique - known as poison Google links - being used by hackers attempting to use legitimate Google searches as a vector to smuggle malware onto the machines of unsuspecting users.

So far the poisoned Google links all contain the string “IFRAME SRC=//” followed by an IP address, most recently and commonly 72.232.39.252, but that could change in a heartbeat.

[Image: example of a poisoned Google link search result]



The technique exploits a common method that many sites use to assist search bots. User-entered search strings are retained and made available to the bots, which index them and later include them in the search results provided to other users. The hackers targeted several CNET-owned sites, among them ZDNet Asia and TorrentReactor, filling in the search box with the names of frequently-sought actresses. But they also added HTML iframe text containing the payload: links to sites that, when accessed, attempted to download malicious software with innocent-sounding names, like XP Antivirus 2008 and Spy Shredder Scanner. Don’t be confused, gentle reader, for these are rogues and trojans.
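For site owners, the retained-search-string behaviour described above can be shown as an added example (not code from the original article or from the affected sites): a results page that echoes a stored query verbatim next to one that escapes it at output time, plus a check that flags stored queries carrying embedded markup. The sample queries, the function names and the documentation-range address 192.0.2.10 are constructed for illustration.

```python
import html
import re

# Constructed sample of retained search strings (assumption: stored as plain text).
# 192.0.2.10 is a documentation-only address, not one from the article.
STORED_QUERIES = [
    "famous actress photos",
    "famous actress <IFRAME SRC=//192.0.2.10></IFRAME>",
    "laptop reviews 2008",
]

# Markup that has no business appearing inside a search term.
SUSPICIOUS = re.compile(r"<\s*/?\s*(iframe|script|object|embed)\b", re.IGNORECASE)


def render_unsafe(query):
    """The 'before': the retained query is echoed into the page verbatim,
    so any tag inside it becomes live markup that a crawler indexes."""
    return "<h1>Search results for " + query + "</h1>"


def render_safe(query):
    """The 'after': HTML-escape the query at output time so it stays text."""
    return "<h1>Search results for " + html.escape(query, quote=True) + "</h1>"


def flag_poisoned(queries):
    """Return stored queries that contain embedded markup, so the cached
    pages can be purged and excluded from indexing."""
    return [q for q in queries if SUSPICIOUS.search(q)]


if __name__ == "__main__":
    for q in flag_poisoned(STORED_QUERIES):
        print("flagged :", q)
        print("unsafe  :", render_unsafe(q))
        print("escaped :", render_safe(q))
```

Escaping at output is the fix; the flagging pass is only for cleaning up queries that were already stored and indexed.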

Google has long attempted to identify sites that host malware, and to warn users who click on a suspect URL returned by a search. Yet their best efforts can only slow down and not prevent the online criminals, who in attempting to gain some control of your machine have come increasingly to prefer to gain their access through compromising legitimate sites, using such iframe injection exploits. Indeed, this new exploit is most effective when targeted at legitimate sites having high page ranks. It was reported this week that between 20,000 and 50,000 poisoned Google links were present on the ZDNet Asia site alone, with another 50,000 poisoned links at TV.com and a smaller number for News.com and MySimon.com.

So, Windows users, if you see in your returned Google search the telling “IFRAME SRC=//” followed by an IP address, don’t - whatever you do, DON’T - click on the link, for it is almost certainly a poisoned link. Instead, click gently on the back button in your browser and breathe a sigh of relief at your narrow escape. Yikes!

Our thanks, again.

