
Criminals use search results to propagate malware

A researcher at Sunbelt Software discovered a new technique used by hackers to trick people into downloading malicious code onto their computers.

The cheap price of domain names, combined with the fact that people generally tend to trust search engine results, makes this technique even more damaging.

The pages have had their Google ranking improved by smartly spamming blogs, forums and other websites that allow interaction.

Criminals produce pages with links in the form of popular-but-not-so-obvious search strings; for example, Adam Thomas, who discovered the technique, was looking for "netgear prosafe dd-wrt" when he was redirected to a site pushing a fake codec.

Further research uncovered 27 domains containing nearly 1500 pages each, containing baddies such as Trojan.Crypt.XPACK.Gen, Trojan-Downloader.Small.AAGX, Trojan-Downloader.Win32.Agent.ev, Trojan-Downloader.Win32.Agent.bnm, Trojan-Downloader.Win32.Agent.eus, Trojan-Downloader.Gen and Trojan-Downloader.Win32.Obfuscated.n.

Thomas also found out that one malware group was known to be connected with the RBN (Russian Business Network), an infamous online criminal organisation.

Désiré Athow
Contributor
