Only a few hours after the Friday’s 8.9 earthquake and the consequent tsunami hit Japan, security researchers noticed many poisoned Google search results for this news related searches that redirected web surfers to fake antivirus sites.
This situation nothing new. We’ve seen similarly poisoned search results for Haitian earthquake a year ago, for the recent New Zealand’s earthquake, for last year’s floods in Pakistan, etc.
Many people use search engines to find details about breaking news such as natural disasters, catastrophes, accidents, etc. Such hardly predictable events, have literally zero relevant results before they happen, so during the first few hours after the event almost any site with relevant information have good chances to rank high on Google. This short window when competition is quite light is all cyber-criminal need to have a steady traffic to their breaking new related doorway pages. Then, when every news site and blog add their 2 cents and there are plenty resources about those hot topics, only most reputable and most relevant web pages make it to the top of search results.
I decided to check the poisoned search results and here’s what I found:
Some webmasters have problems locating the rogue .htaccess files so I decided to address this issue again.
Continue (some new facts included) »»
This is the time of the year when online sellers do their best to attract herds of holiday shoppers. Software pirates are no different. They offer huge discounts (up to 95%) for popular and expensive software products and provide user-friendly online stores. They even made their sites one step closer to you!
Having read the Sucuri’s article about the kirm-sky .ru attack, I decided to complement it with my own information.
I started to track this website infection back in April. It has been active all these months.
EMI Music is one of the world’s leading music companies with many successful record labels and signed popular artists that include The Beatles, Depeche Mode, Gorillaz, Iron Maiden, Kylie Minogue, Pink Floyd, Queen, Snoop Dogg and many more. They have their own web hosting subsidiary EMIHosting.com that provides web space for EMI’s websites and many official websites of EMI artists.
In the beginning of this September EMI Hositng.com was attacked by hackers. As a result more than a hundred websites on a server with IP address of 195 .225 .83 .57 have been infected with a malicious iframe. Google’s diagnostics page for AS34401 (EMIMUSICGROUP) says: