Wednesday, November 28, 2007

Google Trouble

A new wave of malware distribution is stewing, and it utilizes Google's PageRank system to appeal to users.


Clicking Google Search Result May Lead to Malware
Google is famous for this technology, and it is probably why its service leads its rivals, Yahoo! Search and MSN Search. Google's PageRank technology was designed so that popular websites appear at the top of search results.

Google's PageRank uses a nifty logic to determine which pages are important and which are not: it counts the websites that link to a page. As an example, let's say we need to rank Page A. Google's spiderbot counts how many websites link to Page A. Each link adds a vote for the page and increases its rank. The higher the number of linking sites, the higher the rank. All websites are ranked using this technology. For more information about Google PageRank, see this page.

Although this may look like a very good system, it's not without its flaws. Google bombing is a technique used to manipulate Google Search results. Since PageRank counts how many websites link to a page, Google bombing involves creating tons of websites or blog posts that link to the page whose rank you want to increase. If enough false websites or posts link to the page, it might appear at the top of Google's search results. A closely related technique called spamdexing takes a different approach: it usually involves creating invisible text (like white text that blends perfectly with the background) to increase the likelihood that the page is ranked higher.

Malware distributors are now using these techniques to direct unsuspecting users to websites that install tons of viruses, trojan horses, rootkits, and password stealers. A bot may be used to create hundreds of blog posts that link to the malware page, effectively increasing its rank and its chance of appearing at the top of the search results page. Innocent keywords, from 'how to I teach my dog to play fetch' to 'how to cisco routing vpn dial in', may produce links that lead to malicious websites at the very top of the results. Most users wouldn't suspect anything's amiss with the rogue results, although the ultra-wary might be suspicious because many of the malicious URLs are just a jumble of characters, with China's .cn top-level domain at their ends.
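The "jumble of characters" tell can be checked mechanically before a result is clicked. The following is an added example, not code from the original post or from Sunbelt: it flags hostnames whose labels look unpronounceable and that end in .cn. The thresholds are assumptions chosen for illustration, and every hostname used with it is constructed.

```python
from urllib.parse import urlsplit

VOWELS = set("aeiou")
MIN_LABEL_LEN = 6       # assumption: shorter labels carry too little signal
MAX_CONSONANT_RUN = 4   # assumption: longer runs are rare in readable names
MIN_VOWEL_RATIO = 0.2   # assumption: picked by eye, not measured on real data


def looks_jumbled(label):
    """Heuristic: True if a hostname label looks like random characters."""
    run = longest = vowels = total = 0
    for c in label.lower():
        if not c.isalnum():      # a hyphen ends the current run
            run = 0
            continue
        total += 1
        if c in VOWELS:
            vowels += 1
            run = 0
        else:                    # consonants and digits extend the run
            run += 1
            longest = max(longest, run)
    if total < MIN_LABEL_LEN:
        return False
    return longest > MAX_CONSONANT_RUN or vowels / total < MIN_VOWEL_RATIO


def signals(url):
    """Return which of the two tells described above a URL shows."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    found = set()
    if any(looks_jumbled(label) for label in labels[:-1]):
        found.add("jumbled-label")
    if labels[-1] == "cn":
        found.add("cn-tld")
    return found


def matches_described_pattern(url):
    """True only when both tells are present, as in the rogue results."""
    return signals(url) == {"jumbled-label", "cn-tld"}


if __name__ == "__main__":
    # Constructed sample search results, not real indicators.
    for url in ("http://qzxkvbtw.cn/index.html", "http://www.example.cn/",
                "http://dogtraining.example.com/fetch"):
        print(url, sorted(signals(url)), matches_described_pattern(url))
```

A single signal is weak on its own: legitimate sites use .cn, and some legitimate names contain long consonant runs, so the result is a reason to look closer and not a verdict.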

Once a user enters the bogus site, he'll be bombarded with malware installation attempts. The malware may disguise itself as a fake video codec. If that doesn't get the user, the site's IFRAME will. "This is what's doing the most damage," added Sunbelt malware researcher Adam Thomas. "It's loaded with every piece of malware you can think of, including fake toolbars, rogue software and scareware."

One site that Thomas encountered tried to install more than 25 separate pieces of malware, including numerous Trojan horses, a spam bot, a full-blown rootkit, and a pair of password stealers. All the malicious code pitched at users is well-known to security vendors, and can only exploit PCs that aren't up-to-date on their patches.
