It is well known that attackers are abusing search engines to lead victims to malicious sites. But a study by SonicWall paints a disturbing picture of just how successful the attackers are.
“In the last seven days, more than 284 top search terms have been attacked by more than 6,600 malicious URLs,” SonicWall said in a news release, and “up to nine of the top 20 search terms are under attack at any one time.”
Typically, cyber-criminals use popular news items in such schemes, which often lead to sites pushing rogue antivirus applications. For example, SonicWall said, “A search on [film producer] ‘Elinor Burkett’ within a 24-hour period between March 8 and 9 presented 40 unique malicious URLs appearing in Google search’s top 30 results. A search on [Oscar-winning short film] ‘The New Tenants’ on March 8 presented 56 unique malicious URLs” in Google’s top 30.
“Cyber-criminals use whatever is at their disposal to spread malware. In this instance they are launching attacks against Google’s top search terms that identify the most popular stories of the day,” said SonicWall Lead Malware Researcher Deepen Desai. “These criminals are now going after these top search terms using their knowledge to insert malware-infected Websites almost immediately after people show interest in a particular news site.”
As for advice, SonicWall urged users to look at the URL before they click on it. While “often the legitimate sites show up with complete, readable sentences in their description … malicious sites [often] show up with jumbled keywords.” Also, “Steer clear of any kind of video codecs or … downloads prompted by most of these sites.”