tag
SEO poisoning

Cookie-stuffing click-jackers rip off Victoria's Secret Valentine's giftcard seekers

Thinking of going online to get a Victoria's Secret giftcard for your Valentine? Be careful where you look! Some Google search results are rigged, especially image results. And some innocent-looking links are part of fraudulent activities such as cookie-stuffing and click-jacking. Below is a short video that shows what happens when you click on one

Beware of SOPA Scams

Tomorrow, on January 18, 2012, dozens of popular websites covering a diverse range of subjects will be blacking out their home pages in protest of the U.S. Stop Online Piracy Act (SOPA).  Some of these websites are well-known, such as the English language web site for the encyclopedic Wikipedia and quirky news site Boing Boing,

Gaddafi and Search Poisoning: Think before clicking on search results

Scam artists and cyber-criminals welcomed today's news of the demise of Libyan leader Muammar Muhammad Abu Minyar al-Gaddafi (often referred to as simply Gaddafi or Gadhafi). Why? Because few events fuel Internet search activity as much as the death of a famous–or infamous–person, although celebrity weddings and divorces are also a big search driver. It's a

Mining Social Data Led to Johansson and Aguilera Hacks

News that the FBI has arrested the Florida man they suspect of criminally hacking into devices belonging to celebrities such as Scarlett Johansson and Christina Aguilera is welcome, definitely a win for law enforcement and society at large. But the good news comes with a warning. The technique used by the alleged perpetrator was to

Osama Bin Laden Video Malware

The bad guys know you far too well. They know that all they have to do is say they have video footage of Bin Laden and many people will mindlessly click. As is always the case with any big news headlines, there are fake videos being posted with the intent of infecting your computer and

April ThreatSense Report

As you can see from this photo from the Infosecurity Europe show, my sessions down at the gym are really starting to pay off. :) As I mentioned previously, the update process on the monthly ThreatSense Report continues, and the April report is now available here. While the usual look at the top ten security

McAfee FP news misused for more SEO poisoning

We're now seeing a fiercely concentrated Blackhat SEO campaigns exploiting the McAfee False Positive (FP) problem. Juraj Malcho, our Head of Lab in Bratislava, reports that in a Google search like the one I've screendumped above, he got three malicious hits in the top ten (the same ones captured here: of course, the malicious domain

McAfee and SEO poisoning: there but for the grace…

ESET is not going to try to capitalize on McAfee's unfortunate false positive problem (and nor, I'm sure, is any other reputable vendor). Such problems can arise for any AV vendor: it's an inevitable risk when you're trying to walk the line between the best possible detection of threats and avoidance of false detections (someone please

SEO poisoning, Londoning and Icelanding

I was asked whether I'd seen SEO (Search Engine Optimization) poisoning relating to the Icelandic eruption and the very widespread grounding of aircraft in Europe. Well, there were certainly attempts in March to exploit the earlier Eyjafjallajokull eruption in order to drive googlers interested in finding out more towards malicious web sites. So it would be naive

Guest Blog: How free is free Antivirus?

I've noticed a number of tests recently that seem to be intended to prove that free antivirus is as good as commercial AV. As it happens, I'm not against free AV in principle, as long as people are entitled to use it – commercial use of free AV is usually not permitted. And I'm overjoyed when

Polish Air Accident and Blackhat SEO

Thanks to Marcin Gajewski for pointing out that Lech Kaczynski was the President of Poland, not the Prime Minister. I really shouldn't try to blog after a full day's travelling :( While I was enjoying a rare few days off, my colleagues at ESET Latin America were posting a blog article about the ugly way in

iPad jailbreaking meets Dr. Who and Inspector Gadget

[Update: it appears that the information I had earlier was incorrect or out-of-date, and there has been loss of life. There's also a report from TechHerald suggesting early exploitation of the incident for SEO poisoning leading to fake AV. However, a quick scan currently (Monday evening) shows news items from such known malefactors as the

Unnamed App: it’s the SEO that matters, not the app

As more information and discussion has come in on this, it now merits an update in its own right. It seems that there is at least one other unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing

Haiti Help Resources

Update: more resources I picked up on  a security list just now (I'm drowning in email here!) Apologies for any duplication. Update 2: more additions below. @imaguid pointed out in a microblog that there's a pattern to the use of social engineering around disasters like the Haiti earthquake:  "first comes the tragedy, then malware purveyors exploiting the

October Global Threat Report

As usual, ESET has released its monthly Global Threat Trends Report, which will be available in due course at http://www.eset.com/threat-center/index.php. There are no surprises in the top five malicious programs, which have the same rankings as in the September report. Clearly, not enough people are taking our accumulated advice on reducing the risk from Conficker,

9/11 – Nothing Is Sacred to Scammers

Here in the UK we’ve seen quite a lot of media attention (TV movies and documentaries and so on) relating to the 9/11 attacks, so I’m sure there’s a lot more happening in the US, today of all days. Sky News (http://news.sky.com/skynews/Home/World-News/September-11-Terror-Attacks-New-Video-Of-Plane-Crashing-Into-South-Tower-9-11-Memorial-And-Museum/Article/200909215379149) has published an article that includes a link to a video clip of the

Fan Check: Fretting about Facebook

Update: Lysa Myers, of West Coast Labs, has confirmed that she knows of a number of people who’ve used the application and didn’t see anything fishy happening. It did offer to send emails outside Facebook but didn’t insist on it, so it’s hard to see where the messages from unapproved contacts are coming from. I’ll

Fake Antimalware – Old Dogs, New Tricks

(1) Websense, our neighbour in San Diego, has reported a fake anti-malware scam centred on Labor Day social engineering. The scam uses malicious SEO (Search Engine Optimization) techniques, sometimes referred to as index hijacking or SEO poisoning, to misdirect potential victims. When the victim uses Google to search for Labor Day sales (apparently these are very

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.