Tom Olzak

For Software Downloads, Go Directly to the Source

In Cybercrime, Hacking on October 2, 2009 at 10:54

Search engine results for download sites offering hard to get or difficult to find popular software are increasingly used by attackers to ply their insidious craft.  Users looking for an easy way to circumvent vendor constraints or to find popular free software must practice caution.  This isn’t a new warning, but it apparently needs repeating.

The following appeared yesterday in an article at The Register:

Surfers also need to be wary about hunting for Microsoft’s new freebie anti-malware scanner via search engines. Websense further warns that scareware distributors have poisoned search engine results so that sites passing off fake anti-virus scanners appear prominently in searches for Microsoft Security Essentials.

Both the Google Wave and Microsoft Security Essentials attacks rely on black hat Search Engine Optimisation techniques. Wrongdoers typically break into well-established sites and create webpages stuffed full with relevant keywords, cross-linked to other sites compromised in the same way. The tactic is designed to trick search engines into pushing doctored sites higher in search engine indexes for relevant terms.

Source:  Google Wave search poisoned by scareware scammers, John Leyden, The Register, 1 October 2009

And there’s more.  The following appeared in a related article:

Two ongoing scams are tricking Google and other search engines into prominently displaying millions of compromised webpages that attempt to hijack end users’ computers or steal their credit card numbers, researchers said.

One of the attacks is being used to direct people searching the web to an online store hawking pirated copies of popular software titles. Plugging the phrase “cheap vista for students” into Google, for instance, returned more than 19 million results, many of which redirected users to a site called soft4pcs.com.

A separate attack is the work of a botnet dubbed ASProx, which injects malicious links into misconfigured ASP webpages. Users who enter a wide array of search queries, such as “used corvette parts“, received results pointing to a page that redirected to ads-t.ru, which attempted to serve a hostile Adobe Flash file that installs malware

Source:  Google results flog millions of compromised webpages, Dan Goodin, The Register, 1 October 2009

So if you or someone you know is looking for a free AV scanner or is trying to get their hands on an invite for the newest beta, go directly to the source; avoid second-hand sites unless you are certain they are trustworthy.

%d bloggers like this: