Of Hackers and Headlines
The trend for ages has been for hackers and malware distributors to tap into current events to more effectively target their attacks at end users, and just like everyone else, when the bad guys want to know what's hot, news-wise, they're heading right over to Google.
In a recent report published by Webroot, researchers with the security vendor submit that attackers using the infected blog site angle are increasingly utilizing Google's Trends Labs to mine headlines for their posts and increase the likelihood that unsuspecting people will be drawn in by schemes involving truly hot topics.
Webroot's experts specifically report that attackers are more frequently looking at the top search terms being entered into the Google Trends Labs engine and using those key words to craft their threats.
While the trend toward headline-themed e-mail attacks has blossomed over the last several years, the recent trend toward phony bloggers tapping into Google's intelligence has been palpable and calculated, the researchers said.
"For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day's most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign," Paul Piccard, director of threat research at Webroot said in a statement. "These highly relevant news stories and videos are being posted to the hackers' fake blogs to increase the site's Google search rankings."
Many of the fraudulent blogs contain multiple video links that claim to be related to a given news story for which many users are searching. Predictably, after someone clicks on one of the links included in the posts they are prompted to download a codec or some other file that will purportedly allow them to view the content, but which instead contains a malware program.
Most of the attacks being delivered via the technique are still typical spyware-type programs, Webroot said.
"Placing malware in video links on fake blogs is not a novel approach," Paul Lipman of Webroot said. "However, the fact that these hackers are now manipulating Google's methods for relevance to increase the ranking of these sites is new and greatly increases the number of people exposed to this threat."
Continued blending of attack methods including the user-driven content angle of blogging, the inclusion of badware-bearing downloadable video files and social engineering along the lines of the Google shadowing is not only inevitable, it is certain, largely because a lot of these angles still work in their own right, and adding them together only makes it more likely that more of us are going to stupidly click on through and get owned.
The thing is, more of us have to recognize that one of the only safe places to get news online these days is through a major clearinghouse like Google (or you know, a trusted property like eWeek) and resist the urge to fall prey when we see something interesting reported somewhere else we're not familiar with.
But with the addiction some of us (ahem) currently have to getting breaking news headlines as fast as possible, that can be a tough battle to win.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.