Legitimate Halloween Costume Sites Infected
All it takes for a good scare this Halloween season is a search for "Halloween costumes": That query turns up legitimate Web pages that have been infected by the attackers, according to researchers at Trend Micro.
Trickster attackers have inserted Web pages on the legit Halloween costume sites that come up in a search and used rogue JavaScript that invisibly redirects the user to a malicious page. It's a new twist on an old trick of manipulating search-engine optimization, according to the researchers.
"Usually in SEO Poisoning Attacks, malware authors compromise websites that are already top ranked in search engines…"
Click below to read more.
All it takes for a good scare this Halloween season is a search for "Halloween costumes": That query turns up legitimate Web pages that have been infected by the attackers, according to researchers at Trend Micro.
Trickster attackers have inserted Web pages on the legit Halloween costume sites that come up in a search and used rogue JavaScript that invisibly redirects the user to a malicious page. It's a new twist on an old trick of manipulating search-engine optimization, according to the researchers.
"Usually in SEO Poisoning Attacks, malware authors compromise websites that are already top ranked in search engines, which may not be related to one another. Once compromised, they insert a specially crafted webpage on the compromised website so as upon using search engines or site searches, they can easily be visited or referred to," says Lennard Galang, a threat researcher with Trend Micro <a href='http://blog.trendmicro.com/%e2%80%98halloween-costumes%e2%80%99-bring-more-fright-than-expected/' target='_blank'>in a blog entry.
But with this Halloween costume attack, the rogue Web pages inserted into the compromised legitimate Websites contains the keyword "Halloween costumes" so they will come up a search. Once the user visits the page, he or she unknowingly gets redirected to the attacker's page, which displays a convincing-looking browser pop-up message offering a free scan for adware or spyware. The message says that your computer "is running slower than normal" and may be infected, so download the free Antivirus 2009 scanner to clean it up.
But clicking "okay" downloads the now-notorious rogue AV program/Trojan, which has been spreading rapidly via infected Websites. Trend Micro says this attack is similar to one last Christmas that targeted Christmas gift-shoppers.
Source: <a href='http://www.darkreading.com/security/management/showArticle.jhtml?articleID=211600778&subSection=Attacks/breaches' target='_blank'>DarkReading.com Article
ghost 16 years ago
haha i just find that funny xD "free scan for your computer! download our software cos we're nice people.. please? :D"
ghost 16 years ago
Yeah, that's an old trick… Still, there's a whole new batch of ignorant computer slaves to fool now. The point of interest for me was the term "SEO poisoning" which, although understandable, sounds odd when you actually try to figure out how exactly you would go about targeting and poisoning the SEO of a site. The way they're referring to it, it might as well be called a "GoogleDork LIMIT 5" or, back in the realm of reality, an "SEO-related attack".