It’s the shocking mystery hidden for a millennium: What will Da Vinci Code author Dan Brown’s next book be about? But, beware, truth seekers: Chasing the latest clues to the upcoming novel The Lost Symbol could expose you to a vast and secret conspiracy that’s been manipulating Google search results to push malicious software.On Tuesday, NBC’s Today show kicked off a week-long promotion for Brown’s Da Vinci sequel by airing the first of a series of clues to the thriller’s plot, in the form of a tour of a real-life biological research facility nicknamed the “Death Star” because it houses dead animal specimens. Host Matt Lauer challenged viewers to identify the research site and its location, and thereby acquire vital information about the novel. “Suffice it to say, that this facility is a big part of the book,” said Lauer. “So, if I’m in a place called the Death Star, where am I?”
But on Wednesday morning the top Google search result for “death star research” — the logical query — would bring you no closer to unraveling the Lost Symbol mystery. Instead, it produced a malicious website that uses pop-ups, mouse-trapping and a well-executed fake virus scan to trick you into installing a Windows executable that will screw up your computer pretty badly.
The software is a scareware product called Smart Virus Eliminator that pesters you with false virus reports and urges you to pay anywhere from $59 to $79 for a “registered” version of the program. The code does other bad things as well, and is a well-known scam linked to an Eastern European cybercrime group. What’s impressing experts is the rapidity with which those black hats are able to use search engine optimization techniques to plant their flag atop a trending search like “death star research.”
“They stay glued to the news — they’re quick,” says Sean-Paul Correll, a threat researcher at Panda Security, and an expert on the scam. “This gang is basically the biggest cybercrime organization on the internet right now.”
Correll says incidents like the Death Star attack have reached a fever pitch in the last two weeks. Searches on the California wildfires, Ted Kennedy’s death or Hurricane Danny, among others, have all turned up high or top-ranking scam pages delivering the same slick extortion code. Keeping up with the trends mean the attackers are rapidly setting up or reconfiguring networks of thousands of web pages that all link to one another — and the scam sites — using the hot keywords of the moment, thus gaming Google’s page rank algorithm. But apparently it’s worth the effort. A analysis by Panda concludes the rogue business is making as much as $34 million a month through the tactic.
Google, of course, has been working with StopBadware.org to try and warn users about malware-loaded sites. It also generally tries to counter rogue search engine optimizers of all stripes. But as it speeds up its indexing to keep pace with a real-time web, the countermeasures are clearly falling behind.
“These are real timely events,” says Correll. “So if it takes more than 24 hours to take care of, it’s not an effective means of blocking. People are searching today because they want to know what Dan Brown’s next book is going to be.” Tomorrow it’ll be something else.
[Wired.com]
No comments:
Post a Comment