Malware distributors continue to flex their abilities to tap into whatever’s hot in terms of search engine activity, even on a daily basis.
We’ve grown accustomed to the idea that whenever there is a major news item worldwide, from natural disasters to celebrity gossip stories, attackers will be hot on the heels of legitimate reports in attempting to create campaigns that suck in end users seeking information on the publicized events.
However, the evolution of the crimeware underground has reached the point where this isn’t just a pattern that ties itself to a handful of major news events each month, or week, but instead attempts to tap into whatever the big news is each day.
This is perhaps best personified by attackers’ work to ride the coattails of yesterday’s celebration of the 40th anniversary of the debut of seminal children’s television show Sesame Street. As reported by Webroot blogger Andrew Bryant, among others, a spate of rogue AV threats popped up on Wednesday as legitimate properties including Google marked the show’s anniversary in one form or another.
“The black hat SEO gangs that have been manipulating Google results for the better part of the year have seized on a new target from which they’ve launched their current salvo of rogue antivirus guano,” noted Bryant in a blog post. “That’s right, the lovable, giant jaundiced avian friend to child and adult alike is being used to hijack searches and rope unsuspecting users into a vortex of popups and fake scans.”
Yes, he’s talking about Big Bird.
The researcher notes that the Sesame St.-driven attacks are really just further proof that malware purveyors are looking at Google Trends each day and formulating new social engineering angles based on whatever the hot topics may be.
This shift from monthly or weekly attack customization shows how granular attackers’ efforts have truly become, he said.
Of course, underlying the up-to-the-moment engineering are many of the same rogue AV scanner threats we’re seeing all the time, with the “Internet Antivirus Pro” program among those in distribution yesterday, delivered on the wings of Sesame St.’s massive winged mascot.
The use of a children’s TV show to pass along the threats also highlights the need to educate children to the perils of following unfamiliar links, or opening unsolicited messages, Bryant notes.
Attackers have also become so skilled at gaming Google’s SEO patterns that they were able to plant threats as high as the seventh result for Sesame St. related results on Wednesday, he said.
“Disgusting? Yes. Surprising? Hardly,” the expert wrote. “Hooking your scumbag wares to celebrity deaths, peephole videos, and high profile arrests is one thing. But as far as I’m concerned, a line has been crossed. Yes, the dark back-alleys of the Internet are pretty far afield from Sesame Street. But nobody messes with the Bird.”
What’s next? A phony Match.com profile on the longtime co-habitation and apparent bliss of “roommates” Bert and Ernie?
Follow eWeek Security Watch on Twitter at: eWeekSecWatch.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.