More Blackhat SEO, Pelosi is Target

The blackhats continue to push their rogue security programs via Search Engine Optimization techniques. This time I ran across a site using US Congress House Speaker Nancy Pelosi's name. It appears to be all sorts of headlines and keywords such as:

pelosi says surge did not work

And there's also some not so flattering phrases:

pelosi insane
pelosi is an idiot
pelosi is a communist

Some well worded SEO there bound to attract search engine hits.

The site contains some Javascript code in it (well not anymore but it was there) which after traveling through a couple redirect sites ultimately takes the visitor to some rogue security software sites. One of which uses drive-by fake scanning tactics. The redirect sites contain quite sophisticated Javascript code to hide their purpose. They also appear to redirect you based on where you came from.

The two rogue websites by the way are:

• protectionbenefits.cn (83.133.123.113 Germany)
• securedvirusscan.com (94.102.48.29 Netherlands)

This is in no way "new news" as reported by me earlier this year Ford was a target of these fraudsters and Panda Security has numerous siteings. This surely will continue for as long as they have the ability to operate the sites.
:(

Various interesting news and posts

The Web's most dangerous keywords to search for
http://blogs.zdnet.com/security/?p=3457
I've long known that some 75% of all screensavers found on the Internet via Google search contain malware but thought that some of these words were interesting: free games, work from home, iphone, barack obama. Something else interesting is the finding that when searching for lyrics keywords or phrases with the word 'free' in them one of four sites contain malicious code. Talk about blackhat SEO.

Building an Automated Behavioral Malware Analysis Environment using Open Source Software by Jim Clausing
http://www.sans.org/reading_room/whitepapers/tools/building_an_automated_behavioral_malware_analysis_environment_using_open_source_software_33129
Looks very promising. On my reading list.

Ex-DOS and Microsoft Exec Heading Up DHS Cyber Post
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133855
Earlier this month Secretary Napolitano of the U.S. Department of Homeland Security named Philip Reitinger as Director of the National Cyber Security Center in DHS. This is a newly formed office in DHS. Previously Philip had held positions in DOD Cyber Crime Center and was leading the Trustworthy Computing initiative at Microsoft. Philip replaces Rod Beckstrom who vacated the post earlier this year citing lack of funding and internal support. I wish Philip all the best and hope he's able to get what he needs to get things done there.

Criminals force Google to change algorithms

According to reports Google is about to or has already changed their search algorithms as a response to the increased exploitation by criminals using black hat search engine optimization attacks. See article here.

That's great news, assuming they are successful, as I've been discovering and reading about so many black hat SEO attacks that I'm starting to worry about non-security users utilizing Google for search. I'm not satisfied with Google's response to these attacks because in my opinion they have been much too slow and in some cases don't tag the offending searches as a security risk.

Based on the typical information security cycle (or arms race) this won't be the last time they will have to change their algorithm but let's hope this makes it extremely difficult for the criminals to continue using Google as an attack platform.

Low post volume

Hi everyone. Sorry this blog has been getting quieter, I've been busy battling the rogues and other Internet fun. I promise I will try to update this blog more often than once a week.

My recent Targeted Blackhat SEO Attack against Ford Motor Co. - link to Panda blog

Speaking of rogue security software, Microsoft's recently released security intelligence report talks about the dramatic rise in rogue security software they saw on Windows machines during 2nd half of 2008. They saw a 15% rise over the course of 2008 from 20% of all machines to a full 35%! I would estimate that number is even higher today given the unbelievable increase in websites and "brands" of this scumware.

You can see Microsoft's report here. It's a pretty good report, worth a read.