<< Cybercrime pays big time | Cybercrime targets 2010 World Cup >>

Search engine results can be toxic

January 29, 2010 00:03 by author

By Kevin Haley, Director, Symantec Security Technology and Response

Low-life cybercriminals love to take advantage of newsworthy events to tempt unsuspecting computer users into clicking on something they shouldn’t or downloading something they’ll regret. Sports events, especially major ones like the soccer World Cup, are no exception!

One of the more popular methods of leveraging current events to ensnare users is search engine poisoning. Search engines, like Google or Bing, look for specific characteristics of web pages to determine how high up they should rank them in the search results.

Using both legitimate methods and some underhanded tricks, attackers try to ensure their malicious pages - infected with malware or designed to try and sell users misleading applications, such as rogue security software - appear high up in the rankings. This makes them appear legitimate and they’re more likely to get clicked on.

As an example, not even 24 hours after the upcoming NFL’s Super Bowl XLIV contenders were crowned as champions of their respective conferences on Sunday, Symantec observed poisoned search engine results appearing relating to the Super Bowl.

The popular search term “Super Bowl 2010 Score” brings up 26 dangerous websites among the first 100 results. Likewise, “Super Bowl 2010 Line” includes 23 dangerous sites popping up among the first 100 results. (Pictured below is a screenshot of a few of the malicious links that appear after searching for “Super Bowl 2010 Line”.)

This typifies the scams computer users need to be wary of, as you can be sure they will be repeated as the World Cup approaches.

Here are a few best practices to protect you from falling victim to poisoned search results and avoid downloading rogue security software:

Always keep your legitimate security software up to date and your entire systems patched.
Raise your level of awareness. Scrutinise all search engine results thoroughly.
Be cautious of pop-up displays and banner advertisements that mimic legitimate displays or try to promote security products.
Do not accept or open suspicious error displays from within a Web browser as these are often methods rogue security software scams use to lure you into downloading and installing their fake product.
Purchase security software only from reputable and trusted sources and only download applications directly from the vendor’s or its legitimate partners websites.
Exercise caution when browsing the Web. Since malicious attacks can result in the hijacking of open sessions, make sure to log out of websites when your session is complete.
Regularly review your credit card and other financial information as this can provide information on any irregular activities.

ff0ca9c1-bc20-4194-9fa8-48109bf07d85|1|5.0

Tags:
Categories: General
Actions: E-mail | Kick it! | Permalink | comment

Comments (0) | RSS comment feed

Comment RSS

And the Oscar goes to... By Candid Wueest In January we pointed out that cyber criminals took advantage of the large...Cyber crooks eye World Cup 2010 By Candid Wueest 2010 has arrived and will be a momentous year for South Africa as ...Cybercrime targets 2010 World Cup By Josh Talbot I recall watching a Sandra Bullock film called “The Net” in the ...