GCN Tech Blog

By GCN Staff

Blog archive
David Rapp

Malware goes viral via search engines

We all had a chuckle in the newsroom over the Serena Williams poisoned search attack that didn’t work. Unsuspecting users searching for news or videos of the Serena Williams meltdown were, in some cases, directed to a malware site that infected users’ computers.


More on this topic from GCN:

Video of Serena Williams' outburst could go viral—literally


But when the site was investigated by Symantec, the malicious file was found to be corrupt and did not run. A lucky break for those who went to the site, but as our security ace Bill Jackson put it, “you can’t always count on incompetent hackers to protect your computer.”

But apparently, you can pretty much count on unsuspecting users to damage a computer. Here are some news reports on recent attacks that relied on social engineering to trick users into trouble. (Not to worry: we’re sending you to the news reports, not the malicious links.)

Darkreading.com picked up word that the recently deceased actor Patrick Swayze (star of Dirty Dancing) may also be suspect of poisoned search attacks.

And right on the heels came a similar attack on people searching for information on the California wildfires and the September 11 anniversary.

It’s not just fringe sites that are hosts to viruses. Recently NYTimes readers got ambushed by fake ads for antivirus software.

Meanwhile, on Facebook, users were alerted to the need for a “removal kit” to clean up an embedded virus on a Facebook application. Turns out the removal kit is the malfarious culprit, according to Computerworld.

Makes you wonder what it takes to get a geek to bite on a viral hook. Any other lines floating around out there?

Posted by David Rapp on Sep 15, 2009 at 9:39 AM


Reader Comments

Wed, Sep 16, 2009 ARY FL

During this summer I've noticed that many malicious sites are using Google tools and other search engines to keep on track of the most popular searches. Then all it takes is to boost the rating of the honeypot page that will prompt to download a patch to "your infected PC". While I was visiting these sites using Linux box it was funny to watch how they simulated Windows and MSIE error messages. Low quality job... even hackers of our days don't bother to do enough QA and testing before going to production.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

resources

HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities