Sunbelt Software: Google search results delivering massive malware attacks

Summary: For the last two days, security software firm Sunbelt Software has been all over what could develop into a scary trend: Rigged Google search results that deliver big malware payloads. On Monday, Sunbelt reported "we're seeing a large amount of seeded search results which lead to malware sites."

TOPICS: Malware, Google, Security

For the last two days, security software firm Sunbelt Software has been all over what could develop into a scary trend: Rigged Google search results that deliver big malware payloads.

On Monday, Sunbelt reported "we’re seeing a large amount of seeded search results which lead to malware sites." The search terms leading you to these malware payloads were pretty basic fare.

This screenshot courtesy of Sunbelt shows an example of the malware sites (Sunbelt's post has a bunch of other examples).


On Tuesday, Sunbelt researcher Adam Thomas followed up with another post. Thomas wrote:

Sunbelt Software has uncovered tens of thousands of individual pages that have been meticulously created with the goal of obtaining high search engine ranking. Just about any search term you can think of can be found in these pages.

Simply put, damn near any Google search term--even terms like "hospice"-- can take you to one of these malware sites. Computerworld quotes Sunbelt Software CEO Alex Eckelberry as saying "this is huge." I'm inclined to agree, especially considering Eckelberry's inventory: "27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."

Thomas continues:

For months now, our Research Team has monitored a network of bots whose sole purpose is to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums). This network, combined with thousands of pages such as the two seen above, have given the attackers very good (if not top) search engine position for various search terms.

In our previous post, we mentioned that the malicious pages also contained an IFRAME link which would attempt to exploit vulnerable systems. If you were unlucky enough to run across one of these links while surfing with a vulnerable system, you would become infected with a family of malware that we call Scam.Iwin. With Scam.Iwin, the victim's computer is used to generate income for the attacker in a pay-per-click affiliate program by transmitting false clicks to the attacker's URLs without the user's knowledge. The infected Scam.Iwin files are not ordinarily visible to the user. The files are executed and run silently in the background when the user starts the computer and/or connects to the internet.

Google has been notified and hopefully its fancy algorithm can nuke these bogus sites pronto.
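The drive-by step Thomas describes above, an IFRAME on the seeded page that silently loads an exploit host, is something a site owner or responder can check for in a page's own HTML. The following is an added example, not code from Sunbelt or ZDNet; it flags iframes that are hidden from the viewer (near-zero size or hidden by style) and notes when they point offsite, and the sample page and host names are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


def _tiny(value):
    """True for width/height attributes of 0 or 1 px (e.g. "1", "0", "1px")."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1


class IframeAuditor(HTMLParser):
    """Collects <iframe> tags the visitor cannot see: the classic drive-by
    pattern, where the frame loads an exploit page behind a normal-looking one."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        style = (a.get("style") or "").replace(" ", "").lower()
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("near-zero size")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if not reasons:
            return  # a visible embed (video player etc.) is not a finding
        host = urlparse(src).hostname
        if host and host != self.page_host:
            reasons.append("offsite src " + host)
        self.findings.append((src, reasons))


def audit_iframes(html, page_host):
    """Return [(src, reasons)] for every hidden iframe found in the page."""
    parser = IframeAuditor(page_host)
    parser.feed(html)
    return parser.findings


# Constructed sample page: one ordinary visible embed and two hidden loaders.
SAMPLE_PAGE = """<html><body><h1>hospice care</h1>
<iframe src="http://video.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="http://exploit.example.invalid/in.php" width="1" height="1"></iframe>
<iframe src="/ads.html" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in audit_iframes(SAMPLE_PAGE, "www.example.com"):
        print(src, "->", ", ".join(why))
```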

Ryan Naraine is on vacation.

  • I wonder?

    I wonder how much a press hit like this one costs Microsoft?

    Linux is IP impure and Google search is scary.
    • how much will it cost google is a good question too (NT)

      SO.CAL Guy
    • Microsoft? Not a thing. Google, on the other hand

      gets it in the face, and hard.
      • Microsoft? Not a thing. Google...

        Yes, I found that odd that they failed to mention Microsoft Live Search had similar results, and, unlike Google, still hadn't purged the malware installing website results.

        Not that Ziff-Davis would do slanted reporting intentionally, so it's probably merely coincidental.
    • Linux is IP impure?

      Pure FUD until proven otherwise, which no one seems to be able to do.
      Henrik Moller
      • What does Linux is IP impure mean?

        Is that intel. property or something else. Don't use Linux so maybe I'm a little ignorant
        • Yes, intellectual property (nt)

          no text
        • "IP impure"

          Several years ago, a US company, SCO, filed several lawsuits alleging that Linux source code contained intellectual property (IP) they owned and tried to force a number of large Linux users to pay royalties based on that allegation. But after several years and a lot of pressure from the organisations they sued, and by the US legal system, they were unable to demonstrate that their claim had any truth to it. SCO is now in the process of going out of business.

          Recently, Microsoft has offered a lot of hints and innuendo that assert that some of their IP has inappropriately found its way into Linux, but they too are unable to substantiate their claims.

          Thus it's all but certain that, first, SCO, possibly acting in concert with Microsoft, was merely attempting to sow Fear, Uncertainty, and Doubt among Linux users, and now Microsoft is attempting to do the same directly.
          Henry Miller
          • It should be pointed out

            That Intellectual Property does not exist.

            There is copyright and there are patents, both of which are, in fact, Intellectual Monopolies granted to individuals and organisations for a limited period of time, and which at the end of that time are returned to the public domain.
            tracy anne
    • Wow, people's sarcasm meters must be broken!

      [i]I wonder how much a press hit like this one costs Microsoft?[/i]

      Probably about as much as all the iPhone stories cost Apple. A year ago, HTC touch screen phones were just that. Now, they are failed iPhone killers. This must cost Apple a fortune although considering the price of the phone along with the kickback they get from AT&T, along with the revenue Apple gets from selling the personal information you give up with you are [b]forced[/b] to buy the phone with a credit card, I'm sure Apple sees a healthy ROI from the money they spend at ZDNet.
      • Talk about FUD

        Yeah, as long as wipes like you continue to pass along BS about the iPhone, i.e. selling personal information, there will be people questioning it. Old lies die hard.
  • all the infected links are from china .cn makes you think

    all the infected links are from china .cn makes you think

    i think the Chinese government has something to do with this; there's not much that goes on in that country that the government does not know about.

    something needs to be done with them boycott but wait we can't everything comes from there.
    SO.CAL Guy
    • Indeed

      Months ago I noticed the huge number of trash ".cn" sites showing up no matter what you searched for, so I just started using advanced search and setting it to filter out ANY result located in ".cn".

      Wallah, no more trash .cn sites.

      I just wish Google would let you have persistent settings for everything in search, the same way the SafeSearch setting persists. That way it could be a "set it and forget it" thing...
      Hallowed are the Ori
      • China = wild west (wild east?)

        while I do not think the Chinese government is averse to causing grief to America, I am more inclined to chalk this up to an environment of regulatory anarchy. I believe that the government does not know (and does not particularly care) whether its citizens are perpetrating massive fraud on the rest of the world. I believe (hope?) that this will eventually change, but it won't happen until the west decides that it's not a good idea to build a consumer economy on someone else's slave labor.
        • You're right, slave labor...

          You're right, the slave labor should be coming from Mexico like our President wants. Then we can compete with nations that have a good supply of it.

          Isn't greed a wonderful part of our economy...
        • Hey, China is West

          One must look West from America to look towards China (down too, but the planet gets in the way).
      • "Wallah"??

        I guess you meant "voila!"

    • Everything coming from China

      I was recently looking at merchandise at a retail store during the Thanksgiving holidays and thinking on this subject and it is true, everything comes from China. It is very difficult to find anything that is not manufactured there; it is a sad state of affairs that this trend is so prevalent. I myself would be willing to spend a little more to not be buying Chinese made merchandise. It is not necessarily the Chinese people I have anything against. It is the Communist regime that runs their country that is the main problem.

      As I may have ranted in other places on forums the fact that something is made in China is a big red flag of the inferiority of the product. After all, if a company is going to move their workforce to China they, the company involved also tend to use very low quality parts in their products with inferior quality of manufacturer so that their products break really fast and do not last. One ends up wasting money by purchasing Chinese made products due to the lack of quality in the materials.
      • Dell

        I just cracked the case on the Dell in my office. Motherboard, case and power supply were all made in China. That was just the obvious stuff.
        • DELL

          I have a friend in the USA who has her own business building custom machines for private customers. She said that she's disgusted with DELL because of the decisions they made regarding their components. When she started her business about 10 yrs ago, she had a lot of respect for DELL (as did my friend who's a programmer for IBM), but she said nowadays they go from vendor to vendor looking for the lowest price, which translates to inferior materials.

          See my other reply... this is all due to the customer demanding the lowest possible price AND Our increasing tolerance for inferior products (and Representation) over the last few even if We were willing to pay more, the corporate vendors still have motivation to go to the inferior good if We don't give them the feedback of "I won't tolerate this" by 1. lodging complaints/feedback, and 2. not buying their product.

          It's every consumer's responsibility to keep the vendor (whether mom & pop shop or Corporate juggernaut) honest. When something sucks, you'd tell Bob the owner if u bought it from the local store...why not start writing letters to everyone involved in the crap products (take the ambulance-chasing-lawyer's approach: I'll (not sue, but) write a letter to everyone that MAY be involved, and sort out who IS later... yes?

          How's Gateway these days?