Bot Herders Use SEO for Massive Search Spam - A Second Wave?
The first attack had some interesting elements to it. According to Sunbelt, it was clearly targeted at Google. And an examination of the JavaScript behind one of those malware sites revealed that it had some interesting aspects. I won't go into detail about the code, but I will quote Sunbelt directly about what it found: "So, if you use search terms like 'inurl' and 'site,' you won't see these malware pages in your results. Clever, since that's one way for malware researchers to find stuff..." In short, the hackers behind these sites are making an effort to hide from their pursuers.
By Thursday, as I mentioned, Sunbelt saw some signs that "another attack may be on the way." The company saw a suspicious spate of new .cn domains similar to those already registered and used in the first attack. Actually, it could be worse this time, since Sunbelt thinks that there may be two different groups at work.
The first one looks like the same group that was involved in the original attack. When you exit a web page belonging to that particular malware-serving network, "you get pushed to install Spy-shredder, a rogue antispyware program," according to Sunbelt. What you get is a pop-up that downloads Spy-shredder onto your computer even if you click "cancel." The second group "simply shows users a site which is trying to generate traffic (for the purposes of getting affiliate commissions)," Sunbelt explained. While the security company said that it wasn't seeing sites from this bunch serve exploits, it noted that this could change at any time. As a personal note, it was the Spy-shredder exploit that tried to catch me.
Google knows about these problems, and that things are getting worse. It ran a post on its security blog recently titled "Help us fill in the gaps!" in which it appealed to its users for assistance. "Currently, we know of hundreds of thousands of websites that attempt to infect people's computers with malware. Unfortunately, we also know that there are more malware sites out there. This is where we need your help in filling in the gaps. If you come across a site that is hosting malware, we now have an easy way for you to let us know about it." The post links to a form for users to fill out when they find a site that is distributing malware.
More By Terri Wells