Criminals use Search result to propagate malware

A researcher at Sunbelt-software, discovered a new technique by hackers to get people into downloading malicious code on their computers.

The cheap price of domain names combined with the fact that people generally tend to trust search engine results make this technique even more damaging.

The pages have had their Google ranking improved by smartly spamming blogs, forums and other websites that allow interaction.

Criminals produce pages with links in the form of popular-but-not-so-obvious search strings; for example, Adam Thomas who discovered the technique, was looking for "netgear prosafe dd-wrt" when he was redirected to a site pushing a fake codec.

Further research uncovered 27 domain containing nearly 1500 each containing baddies such as Trojan.Crypt.XPACK.Gen, Trojan-Downloader.Small.AAGX, Trojan-Downloader.Win32.Agent.ev, Trojan-Downloader.Win32.Agent.bnm,, Trojan-Downloader.Gen and Trojan-Downloader.Win32.Obfuscated.n.

Thomas also found out that one malware group was known to be connected with the RBN (Russian Business Network), an infamous online criminal organisation.