Tweet Week: March 21-27, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Major Disasters in Poisoned Search Results
Only a few hours after the Friday’s 8.9 earthquake and the consequent tsunami hit Japan, security researchers noticed many poisoned Google search results for this news related searches that redirected web surfers to fake antivirus sites.
This situation nothing new. We’ve seen similarly poisoned search results for Haitian earthquake a year ago, for the recent New Zealand’s earthquake, for last year’s floods in Pakistan, etc.
Many people use search engines to find details about breaking news such as natural disasters, catastrophes, accidents, etc. Such hardly predictable events, have literally zero relevant results before they happen, so during the first few hours after the event almost any site with relevant information have good chances to rank high on Google. This short window when competition is quite light is all cyber-criminal need to have a steady traffic to their breaking new related doorway pages. Then, when every news site and blog add their 2 cents and there are plenty resources about those hot topics, only most reputable and most relevant web pages make it to the top of search results.
I decided to check the poisoned search results and here’s what I found:
Continue »»
Tweet Week: February 21-27, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Malware from .CC domains, WordPress 3.1 and changes in Google’s algorithm … »»
Tweet Week: January 17 – January 23, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Two Tweet Weeks: December 6-19, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Tweet Week: September 13-19, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
At Google’s Office in Moscow
My visit to Google, Moscow last week ;)
Tweet Week: Nov 23-29, 2009
Selected short messages and links you might have missed if you don’t follow me on Twitter.
IE vulnerability, MediaTemple security issues, Google Webmaster Tools … »»
Rogue blogs redirect search traffic to bogus AV sites. Part 2.
This is the second part of the post about rogue blogs installed into subdirectories of hacked legitimate websites. The first part talked about how those blogs redirect search engine traffic to scareware sites. In this part I will talk about the whole black hat campaign, its evolution and its strange connection with Servage hosting provider.
Generations of rogue blogs
In the Cyveillance blog, they mentioned two types of rogue blogs with “bsblog” and “bmsblog” strings in the URLs. Having played with Google searches, I discovered some more versions:
- bmblog. allinurl:bmblog/category search returns 281 000 results
- mdblog. allinurl:mdblog/category returns 1 880 results
- and generic blog (with specific categories).
So what do those strings mean? A quick analysis of the blogs’ content suggests that “blog“, “bmblog”, “bsblog“, “bmsblog” and “mdblog” strings in blog addresses correspond to different generations of this black hat campaign.
Here is the timeline »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
