Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Thousands of Malicious Web Page redirects - Be careful with Internet searches

Some updates are noted below on this very serious threat: malicious web sites that may be offered in the results of Internet searches (e.g., Google). Numerous malicious pages are being created so that they appear prominently on the first few pages of search results. They rank high in the order of appearance, and the malware gang appears to be keyed in on Google's site-ranking methodology.

Below is some excellent advice from Sandi on what to avoid:

http://msmvps.com/blogs/spywaresucks/archive/2007/11/27/1359221.aspx

QUOTE: Take a close look at the URLs for the malware links; they are all random collections of letters and numbers, and they're all Chinese domains. Users of Google (and other web search engines) need to pay close attention to the links that are being offered, and avoid anything that just doesn't look right, and certainly avoid 'nonsense' domains like those in the Sunbelt screenshots
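
The check Sandi describes can be automated for a list of search-result or proxy-log URLs. The sketch below is an added example, not code from Sandi, Sunbelt or this blog; the thresholds, the point scheme and the sample URLs are assumptions chosen for illustration.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the quote singles out Chinese domains, so .cn is the watched TLD.
WATCHED_TLDS = {"cn"}

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def nonsense_score(label):
    """Count randomness signals (0 to 3) in one hostname label."""
    letters = [c for c in label if c.isalpha()]
    digits = sum(c.isdigit() for c in label)
    vowels = sum(c in "aeiou" for c in letters)
    score = 0
    if letters and digits / len(label) >= 0.2:     # letters mixed with many digits
        score += 1
    if letters and vowels / len(letters) < 0.2:    # almost no vowels
        score += 1
    if len(label) >= 8 and entropy(label) >= 3.0:  # long, few repeated characters
        score += 1
    return score

def review_url(url):
    """Return (host, points, flagged) for one URL."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    if len(labels) < 2:
        return host, 0, False
    # Simplification: the label left of the TLD is treated as the registered
    # name, so multi-part suffixes such as com.cn are not handled.
    points = nonsense_score(labels[-2]) + (labels[-1] in WATCHED_TLDS)
    return host, points, points >= 3

def flagged_hosts(urls):
    """Hosts that warrant a closer look before anyone clicks through."""
    return [host for host, _, flagged in map(review_url, urls) if flagged]

# Constructed sample URLs (not taken from the Sunbelt screenshots).
SAMPLE_RESULTS = [
    "http://q7xk2zp9w4.cn/index.html",
    "https://www.example.com/security/news",
    "http://bookshop.example.cn/catalog",
    "http://x9f3kd82mq.example/page",
    "http://shop24.example/deals",
]

if __name__ == "__main__":
    for url in SAMPLE_RESULTS:
        print(review_url(url))
```

A readable name on a .cn domain is not flagged on the TLD alone, and a short name with a couple of digits stays below the threshold; only labels that look machine-generated are reported.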


Below is the latest update from Sunbelt on this threat: 

http://sunbeltblog.blogspot.com/2007/11/malware-redirects-aftermath_27.html

QUOTE: Sunbelt Software has uncovered tens of thousands of individual pages that have been meticulously created with the goal of obtaining high search engine ranking. Just about any search term you can think of can be found in these pages.


Sunbelt is classifying this particular threat as follows in CounterSpy:

SCAM.IWin Malware Family
http://research.sunbelt-software.com/threatdisplay.aspx?name=Scam.Iwin&threatid=43561

QUOTE: Scam.Iwin is created by a browser exploit for the purpose of transmitting false clicks to internet URLs. The victim's computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker's URLs without the user's knowledge. The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the internet. Scam.Iwin is thought to be related to CoolWebSearch.


Original post from yesterday:

http://msmvps.com/blogs/harrywaldron/archive/2007/11/27/internet-searches-massive-number-of-redirects-to-malicious-sites.aspx

Comments

Windows Vista News said:

Interesting point at msmvps.com

# November 28, 2007 12:00 PM