Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Webroot Says Hackers Exploit Google Trends with Malware



 By: Clint Boulton
2008-10-01
Article Rating:starstarstarstarstar / 7


There are 1 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Google Trends is being used by hackers as the vehicle to reach more victims with malware payloads. The latest assault on desktop and notebook security prompted security software provider Webroot to alert PC users to the malware, which attempts to bait users into buying destructive software. Webroot's advice? Keep your PCs and Macs secure, your anti-spyware updated and don't download videos from strangers.

Security software maker Webroot said hackers are now leveraging Google Trends to lure unsuspecting victims to fake blog Web sites riddled with malware.

Launched in May 2006, Google Trends lets searchers enter up to five topics and see how much they've been searched on Google, as well as how frequently those topics have appeared in Google News stories around the world.  

When Google Trends detects a spike in the volume of news stories for a particular search term, it labels the graph and displays the headline of an automatically selected Google News story written near the time of that spike.

Hackers are apparently leveraging Trends to find out what stories people are most likely to look for, based on the subject's popularity. To seed their dirty code, hackers construct fake blogs with video links about the news for which users were searching.

News hooks are likely to include popular news stories, such as bits about the presidential campaign, the financial failures on Wall Street or Major League Baseball's playoffs.  

Once a user clicks on one of the video links, they are asked to download a video codec. The codec downloads a rogue anti-spyware program geared to bait the user into buying an illegitimate program that may put their personal information and data at even greater risk.   

One question bothered me about this scenario. How does Webroot know that Web sites are using Google Trends for their malware mischief?

Paul Piccard, director of threat research for Webroot, told me that in the course of his research, some of the malware proprietors brazenly mentioned on their Web sites that they leveraged search results from Google Trends as news hooks to lure users.

Hiding malware in video links on fake blogs is hardly new, but leveraging the relevancy Google's algorithms enable to bolster malicious site traffic is an increasing and disturbing trend. Piccard told me:

Malware distributors are going to where the people are instead of setting up sites that may or may not be relevant to a user's interests. Just like a legitimate Web site, they [hackers] are determining how to drive traffic to their Web site to download malware. By looking at Google Trends, they are able to get a better idea of what people are interested in and how they can trick users to click on their links through search results or appear to be relevant to what a user is searching for. If you're looking for something about Wachovia and the bank group buying them, you'll start seeing these results, you'll click on one and you'll assume it's legitimate when in fact it's a malware distribution platform.

Resource Library:

I asked for a link to a specific example of a site but Piccard said that due to the risky nature of their malware missions, the sites go up and down so quickly. But I've asked him to keep an eye out and will update with a link to one if it presents itself.

If anyone else out there spots a site they believe delivers malware and mentions Google Trends, please drop me a line.

So what is a user to do? The obvious duty is to be vigilant. Avoid these exploits by refraining from downloading content from sites you're not certain you can trust.  

Webroot said users can also avoid these Google Trends malware traps by installing current Microsoft or Mac security packages and keeping anti-spyware products current.





  Reader Comments: Webroot Says Hackers Exploit Google Trends With Malware
>>> Post your comment now!
A user comment on this article
Clint Boulton here. Have you stumble upon suspect Web sites you believe exploit Google Trends or any other Google application? Send me a link,...
Posted At: 10-01-08
By: Clint Boulton
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Clint Boulton
 


x}r۸j9km#dKb[^N"!c")ۚ9eoPd2{'3%lh@ޛ$\8acr3c |{ޤ>? !?F0TE[ Ϡ^=N-w5 E]0ezNv@\}@^cF7D%x_'Щ=ѩ€wɄIP/4ޘ1=/SmL}F7\3meb ھI=E9JGDqERGgEQH}$c1 [tV9v oT| pTƦ;=a>"%%k4ًϣшqG/w0Ə{/<PU;a͏r;hP;UyaUh/@Z#\DȁRh=3d9c';{ -XdUHeCc`Ww,ǃɩT* TkQ3#mjZ35-3GؾQ̀A3E5L_CԿ($fҀ[8Qˉ׌<{e ^07ND_"QYTi|/LZ@ WP uN.jzQҏZN-p\(*H.c=I-bv=ӧH0CF^8rri[򳩥}o\tzmotgH>߉ekby1jPAb(`W:+ԩZtܞn/9n;WmuoHs!)|rf!5 0\68֪׷V׏`KėvO|SS&ںa#jCIͽEb=nIo]8蜒$˷SYn[_ `HlDiYܾʑ\ya(7F`XӀ7? iP2ML9oX@.@ש#07ۯzxxf-Mf "dLi|])P3Z$923:ACA4icŦh4@'&h`C:}ҍ:L  wF|hx: }C 00w!DAЂMx>tTێ]6}l29<8({hk =`D+wKPb(բ!Tgf,Zz] X.Gs 6Gv64-03RF\Q@-2(%EE29 EEKi@( $h5N`ŕlb(?LHX-VpDm'8.3Pr XK){TKh+K@f:34YIJM힟u]_*ȉ#m"09X -gZ Xk%ּ f |:IoB{42u0suYL MXb HK%\EwT-::{熳~ h? OzuO  +Zsƾ : jI!VBg';oW fnR>RJ=""ǰ@3>`L)^HIbЙj!@)z٧l.>?ΖuV"kͲX]۽/ 7r@^օVP 2L%kZԕ1%/E$$BY`}.EGQHd - 686p#>7l{`(`R rQj#0QPXjgܱ%6 9P87C~0.m^φgXީz>|$=r;[yor g)]hp܉HhQ+maͨ(55>ka@/ű@b=]TWաcًͧʰw^^vԿ>Q6nmz+CoLt Dm G#|ӚC;Os']1=Z`"Af2Ƹ'q?|2,exY΁=mQr1'j3s4]Zj\,8aRo5> UT#!őMTbEah;(l^~|uN0\Sњa+34тq-*IH-b[(Q<&3aS'턇w4`Hiܸ/|P"X58 y }@*&OZ1-[ :T#;$⦼t݁bIt?I M!RB3]==1 2~5;t&UkbیBEUZVQY+g7#UFQH.ag4'u`ޝoo>0zxI9[Jt:rȵ6g>t0yLLZ<5}˅CӅt~>EV:6őG@փ kJAUm~4V8wf;< O?a#ECf0!L9 = =+jZU 0Lf?6q~m@"Osz0b_aY[ ȟTkE}fVWC7{)jf#R @ h`! 9}G(,Pl O k"5e3ViV))^%f0Аjih^._Qm(}gnL̺ >~דorfF퇛++1 8Wqo퀂ȋW%Gj1e+7atE?OZ(Cm0hRYpg=HY9޼Vߺsjz6eVA=ajv7oa:\ L'{+e*r6#_>M=;L4G;.E;`8S"vbGymvX q)(k1 .+U`Җ Ћz +49aؠGsHR>1To\KpVӿ} P5ufK)+J,P_A Ұg /3_5u_f&էny* 2yģT1# y $6-.wEЋֶ7uA5`|l&\#2Ob (KYM,aTKjp9ւ NQc=ȫA,Bn#|pǞfP X#7u1H>rS-b dri#ZMbZe%!f!WV@Np]FmEmP…3S`Okps%sp:'S 6PFͧz*EPaAf<^ΐۍu3ק~ 6eFZ˴X݂ā3o?f/$NM.j2~*@?2TijvJ 5P%,< ?>wd,j+LGI4^&.2O%WW\ϸ_A|=h/$ΆRT(@mj%ww\(4 #kF)Ujjea%O.'-U*JxX8YPX9H(P Yt>[mpD3 KmCXr|MN?KHHD>DWF\{e";QXk\;ڿ~,Ԕlj K L$T)Ch/O00Ը:@C>KV_G|L`MUK\6ߵpC-tPdNR(1I16dd+]=/aoVta ]a孀 _9Kys%}ڽhsՖ's5B EAV#=Mxi)qm2YC42p\8$]w ST_p@5!/{jpbaNDž$"ZgHܠ,*~vͣ ۳}o#8 Z`!woH2D&_1waXH\T dDӻh~N%e؋n/l! D78S*PW"REH%IAFZM^f| bt4Du>h/R~C<B<_dxD %'BY{pң3YdJ긵vRt/0?xؾ6 >&iZ Í76w jE PARB9kũ$-ݱi'y0:Fp8쀒N)zLlOܡM]kĖGS9^)L iux>Ƞ3%dBfye5)a5C@YeI~@a'1ۡX#ۓ]7G8 (OLkrwisy/Psn%10:r2iv(5~y*AB|$Hy0ΓJw鳁|!)EC^}+ Iǂa|x"p)xh3^Ey^=̗{.êvS f= [Cy=r“ڸ%6lN*tb,_==RӅce'9$st7اڜcq=vhϓ{~\[܍ē99Bn8: ˳ (q1~<,?4f8?꒫n4/Ҽ?1LNڠ_ |1$?[0{#|&~>x_GM>x@uS棏g ڽ9kreݨ+=lK_x?OKҽ{c;ᧅmEst33*Q$XH!HZU7}ʜ9%'+s|<03(o%P2QY:pGҤsmfOQ>]f+wP{_x͞YiYU9/r\-"nZ^ླྀ|W90.=y$/Av} ,D>?GBa"fFs8EE[\Ӧmff73G??C4ȥ;ƫ;`!3ȑ +Ӡ9m*Ƕs$;gr0 1> l;mmݭn T v_!O!%FJMc-!_к õcVǴ Ip8|+؊wfo_O6oN{kA|;-eWc/*Inc b |kI5%?8=3q x{3d\ڊ}fK~~ &z/ Zp8q<3 ~+lFYY5ӨRAŇ&L+dXZ7AE [:ӡ8*٤?PCt0Kb`JMoՌ#XC<5}_$똰jdN0o_ްMڿxs17^fylO]˙SJ.M#$W鑰6OڀnAvMKA8,="A:v R٠#8rPQ;j0fx£Cε{ "`{,Q(HAʛ*Sk׊[ln -l0`x2QR7ޢ3 F3򔱣9 v<']D$L.'U~/n!w렳$*<ϝ,=YM64q9m杁hW׆.-[(G@9X{2N~n gUAZT1Hh~Md6bwjﬖءNtSetN.8X" J~Z O`[5U)=U/sE.9AQW9t8= z% G^$E/|m/Qʖ6C ~l9/0fV`fulӗN5[i#jY s`F(XёgRxHw0|_/lHDžF3[Ow`QcLa|l%D5b揩k S)]Ox^J:uO{ۼ%eg)Iǧ1|ot2Hk-kޛNTPT8Фkv$L -ϼCK 9;HRpR @x9/]/K@ْ_},8G KF$9NO-ǮM0|XT$ud$CEoG&Sx[؋*WbVy2Tԛ_IL]ϹgA _U,i`3xA:H7fTˋvI..aDD˰Ö7"D4&y6^▴_}q*tߛn6~ ƋK rLgQxxћT(Z>O|'M4~9-g|?$<ZT?Z.-5hXWh#'x:7) P *jRߠ8Ho\cc/1E_f21W 5}_Wa~jCȗyX 'ɋ>}",b1EKl@.]h C}L}<#›S (=! =b[1+87~IAvXZq})6-Ӣ=h`/ Z3=}k" I3!7|^cͷ'Ug8. 2ä>&Svh6`i.f0m!_`n3]y+/Y9qU9ga0D%]D~2>;8q/)j~h!W:U&8-x]Q).^oN ZTvxٽI? tXQ֌rc[Qt!UUkv0{#}M[,pMKpr_M ,vI˖R] uTeQOǽ4'fUsN.KN(aS$ܕŤAI҂B4RZF▵tyy`Dl Gꨶfa&ީ 0ka$+"B#@ O^a)qc) +px# ΃L,T#AEKflǛjüacNͦ"f(xѴ;B*]sN o0.TCu5b?= tG(zdq2// #|kPWsƄwuGWe:50Qj5sy\UBI?Zj>A1R9mfbfƆX50Vz^3mlz^C>M` L }+n'-浻9ʺknVu&WCKV#'.Bh pKm$:R(uⶴ8Ђm x;4lSKaZ)$~TRUs"1kjžv7Cy^ iwyӗǎ JP+`{Td\yxzCPJҿ4\=9ಈG]x#qK #/ by[9i}TX,|<{t<;(Z<<}Q,턂r1F'Rx%'쇇1l˖C_`wk!V]K5(^(]Y;9JXC @/0߻s{YV^]92YFtfhEDmJ<\s˩Dyj$Z(Mϱ{#/նS#=`XYrRg/ӸͬG[VjYIva~Xev h:'皭٦v lAK 4t KY&M?`߶b:,=70J"``^*j,4wt1M 71jZxUS^8͈TTcЭB)˪M;InP}wY?e=` '24/xyBBM} hM,[|U:aj|%wҥfZ,ߠE _~B`to¨`*UQ9TB5]:Gw/tX3/b=3-Ѩ#^>xAa`IԓFpS;B΀!,E|tz['U}H?Km1Ghb#3!F0\Ǎmٹ WEo*4>wf(M$ :}G4 "`atS}b~s~[Y.+JAWLI-='@?rarnh󟢁o9gkH0 r)؇c*7W=P)bNDu*t03*%r&cP <"mGg^q79k[ 45@! ^C. Q?9mDRTa㍙i7@FӦ$mLEaAӃ,\36Fiŷ^(l8*wxcF||>ǨkyπRtQ:..( o%H)[P,(ωpk2%TJTmn$>9o}Y=sJLma`t.t>ѦqP/nN3@ S3 f;._ l9 :W@Lg>򽉡:ςݝs)aR;<2Q6IB qXR~DB(6s EH릧 u;1u_f@p),f,ԪR&uMu]j9q^]{ YQ^"`ӄ\I \Q] / PI3%/.ڟh,\y}}uoHݴۤwzӹwW}ѽcR֊_ԝniY}}ӹgR6/M&ƋBY22 gW6Sfr=Zsi.$ "Gcɂw]%;飱8/y$; Uüj1ű4 Pl?z M+dc+t6gg:,?.9u Ƨ^ZZǬA*GM&7ba׾hIk&5+ۼr(3?C(Y_~JmfwQ__P~ sww?/?VieC:CL*^Q ?/A5.31K{Ke~.a̠K DG(Q~d_BeF9U^\eUu݌wAt3OK7C\}\g5 M``k}?f>f#cn66~oیon3/$)CAy3Ϛ׸pz~;9(/'Rz UKC(ϐg3VڍnV`{J1g+^W s}m%R+ ]Q%|A}%k{Z1nvd ba/ KPe^ٛTz#GP78%Y}MJ 4tk 7b[yDYQI{R}tEOI>t𞫫qLw<ߔ[nNJ>s\ȜH8V0fY !kSœO}oND1KA1_wͣ,E ;H_`9e`jE~@' @8Dw9awn7QpK|OK}v.nmG;yh#ֽ2b;w K췡\2<% O܁σfţu>TVl<-t&j\eܣf(+@J~t p7zFJ܌Ӄ:Xڧn:Oii\5/wmОMEA]eGӠS7US !Pio0dp= 礏.ʼnS ;wC-=C O7nƜ8,w@3ebIP ZjZVr?'7d6=8 "2xk 5ZUEVjro9 lKUr(RB4|O۴W)Y74 yVi8an%[C DK(xxmER{_ƌmBfPռD<'u~m

taxQptd+<8^o p1Q.`:}nf:F`wūqxL´kDὁm&Ĥg G[[ZO,fhbErb9GU ZQ8݈89p<`iMx_ ɝZ OY=y kjs?fuBlk8ӕs&+up/pO^ۍCpxufL~.+.'%v1,[#1P YY/56qtwkd9HR=I*4UMf΢ْ$nQ[w*aʹD.vUlv[%Oe`'/2^;' Q+π 8H2Gd!᳤c"ݑѧ%^Πb/MzKV9j[((& ]aFʪv\|n%]*$Cb9G8]! ""#`A]eD$u@g ߅ϩfC>X6dٱs1ebV!qdFӧ7-[@O"C24ص=^pgUvy* *>`H6A1^Şi3|@ =( oF8*`y%K@44{F q얢U.nDl aA0n%/ـ&@6G:qSrMvQmQ-ন+N?X71Ȟ|N4u |ڕa=rksa&ngNb k*φŀ𞭞d_qxN|L/Xثu 2^9FBLj3mf^^kti( aaX:`-hs&ǂ)0ѕDM1F(ͦ,1.f  Ax&=`#hxb<nh1 d'kI )}ɦbNԌaBbr =hL$g8% s^೐|,/A,r*r*]xWI"cXM?#T+K+ Sq|h/]7,{՗ΚOG<|Xyx8~.3JbQ'.mwޝVv/71X744O߿~jIaE yiNђu7vH]7[ջdEg .A|>Ðy6#xL 귦kuP)TA$7yE1em*P)Պ[]jv[W(~r[)CU:M\"GZi/%!zRMjS9Q2kEs+&|ƷR2ұeRZ`l/Z6?-