Stuxnet Used in Black Hat SEO Campaigns

By Brian Prince  |  Posted 2010-10-01 Print this article Print

That link that you click on for information about the Stuxnet worm might be leading you to a malicious site.

It's the dark side of search engine optimization; attackers boosting the search engine rankings of malicious sites so they can lure visitors with the promise of interesting news. In this case, it's the Stuxnet worm that is being used as bait.

Stuxnet has been a regular presence in security articles since it was discovered this summer. The worm was designed to target industrial control systems, and its complexity has made it a source of interest for security researchers and IT admins alike.

"Some of the search strings used in this black-hat SEO campaign include 'stuxnet SCADA,' 'stuxnet removal tool,' 'stuxnet cleanup,' 'stuxnet siemens' and 'stuxnet worm,' among others," noted Bernadette Irinco of Trend Micro. "Some of these poisoned search words/phrases appeared on top results. One of the malicious URLs ({BLOCKED} where the search strings points to, leads users to sites that exploit vulnerabilities as described in CVE-2010-0886 and CVE-2010-1885. Moreover, in some of the search results seen, users are redirected to sites with PDF and SWF exploits."

The ultimate payloads vary, ranging from a downloader that installs other malicious codes on the system to rogue antivirus software, Irinco blogged.

Such scams are popular in relation to hot news events such as celebrity news and other trending topics. Even the Conficker worm generated black-hat SEO attacks in 2009.

Users are advised to be careful what search engine results they click on, and of course to keep their security software up-to-date. |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel