PandaLabs has identified thousands of links designed to target searchers looking for information on recently popular targets. With the goal of infecting unsuspecting victims with scareware, Twitter recently has also been bombarded with trending spam.
Blackhat SEOs targeting Google search results came to light this spring to redirect trusting users to scareware sites—sites falsely warning targets of viruses on their machine, offering fake system scans, promoting expensive fake anti-virus programs, and installing Trojans.
The cybercrooks were tremendously successful in manipulating Google’s search results by following trending topics on Google trends and dropping links into comment areas and forums all over the Web to boost a site’s authority.
PandaLabs discovered a reprisal of this success with scareware sites ranking at the top of Google’s search results for queries about YouTube videos about Microsoft’s Natal project. That’s a double whammy, a popular target on an incredibly popular website.
In fact, PandaLabs’ Sean-Paul Correll discovered 16,000 of these malicious links targeting YouTube queries. Another 10,000 targeted “France” as malware distributors sought to catch traffic related to the Air France plane crash. Targeting “Microsoft,” almost 9,000, “E3,” over 3,000, “Eminem,” about 3,000.
“The sites are all hosted via Lycos Tripod, which is a free web host,” writes Correll. “This allows the cyber criminals to create thousands of free sites to take advantage of the Blackhat SEO and then simply redirect the free sites to just a handful of their own servers.”
Focusing on trending topics and hot web properties has caused Twitter to become a target as well. Over the weekend, Twitter was hit with what is thought to be the first scareware distribution attack. It didn’t stop at the weekend, though. Scareware attacks continue through today as cybercrooks target trending topics.
Today, as the band Phish’s “PhishTube Broadcast” became listed to the side of the microblogging platform, cybercrooks spammed the topic via bogus accounts, taking advantage of URL shorteners to mask the destination site. According to PandaLabs, the links led to malware residing on PornTube.
Correll found that zombie accounts were posting hundreds of malicious tweets targeting popular topics like Conan O’Brien, E3, and Will Ferrell. Applications allowing people to automate their tweets makes spamming Twitter’s trending topics list incredibly easy.
Security company Finjan says this weekend’s attack invited Twitterers to click on a “best video” link leading to a scareware application hidden within what appeared to be a YouTube video. This triggered a second download of malware-infected PDF file.
