Hackers Target Thanksgiving Day Search Terms: Report

Expanding their focus from Black Friday and Cyber Monday deals, cyber-criminals are also targeting invitations to Thanksgiving dinner, security researchers warned Nov. 24.

Users searching for Thanksgiving Day invitations online may encounter dangerous malware, according to a security alert posted by CyberDefender Research Labs. The researchers found a "high concentration" of fake antivirus products that can steal data from infected computers.

"Each year, more holiday planning and ideas are available online, and cyber-criminals are taking advantage of the opportunity," the researchers wrote.

Keyword combinations included "Thanksgiving Lunch Invitations," "Thanksgiving Invitation Template" and "Thanksgiving Printable Invitations." Out of 50 search results for each of the three phrases, nearly 20 directed users to infected URLs, according to the alert.

If users click on the link, they are shown a scam page that claims their computer is infected with malware and should download the tool to clean up the infection.

"Today, the scale of the problem is massive; not only has the quantity of threats dramatically increased, but the sophistication of the malware has grown as well," said Achal Khetarpal, director of CyberDefender Research Labs.

Security researchers found Smart Engine, a variant of the Virus Doctor family, as one of the fake software being downloaded. This Trojan attempts to prevent genuine antivirus programs from running, and users are unable to quarantine and remove the malware from the machine.

"Online tools such as printable invitations often require downloading to customize and print, offering cyber-criminals a straightforward path to target and infect the PCs of holiday planning consumers," said Khetarpal.

This attack is similar to the previous alerts posted by security researchers at SonicWall and Thirtyseven4 about Black Friday and Cyber Monday scams, as well as holiday e-card scams from Sunbelt Labs. Cyber-criminals are using popular search terms to try to cash in on user interests. Hackers are looking to take advantage of that traffic, Fred Touchette, a senior security analyst at AppRiver, told eWEEK.

Criminals create pages that are highly search engine optimized and spread links as comments on various blogs and social networking sites, said Touchette. Boosting those malicious pages' search engine rankings drive unsuspecting users to those pages, he said. The technique is called SEO poisoning, tricking Google and other search engines to treat these pages as legitimate sites.

Spammers and hackers often take advantage of current events, popular trends and holidays such as Halloween and Prince William's engagement to target users, according to Anup Ghosh, Invincea's chief scientist.

CyberDefender researchers and other experts recommend making sure that the operating system, browsers and security software are up-to-date. They also suggest enabling secure browsing on the Web browser. When possible, they suggest manually typing the link into the browser, and searching for deals within the retailer's own site. CyberDefender also suggests using encrypted search, such as Google SSL (https://www.google.com), instead of classic Google (http://www.google.com).