杏吧原创

Image searches ‘poisoned’ by cybercriminals

Hijacking your Google image searches is just the latest ploy by fraudsters
Not what I wanted to see
Not what I wanted to see
(Image: Andrea Schoenrock/Plainpicture)

Hijacking your Google image searches is just the latest ploy by fraudsters

ALL Pedro Bueno did was run a regular Google search for 鈥渋Phone with antenna鈥 while trying to fix the Wi-Fi on his wife鈥檚 cellphone. Moments later he was yet another victim of 鈥渟earch engine poisoning鈥 鈥 the latest battleground in the ongoing war between cybercriminals and Google.

The Google results page offered Bueno several image hits as well as the regular results. 鈥淚 decided to see one of the pictures and clicked on it. It then started to load and suddenly I was redirected to another page,鈥 he on the Internet Storm Center website, a volunteer group that monitors computer crime.

Claiming to be an antivirus program from the non-existent 鈥淎pple Security Center鈥, this web page displayed a list of files that were supposedly trojans, spyware and other malware hidden on his computer. In fact, he had been sent to a fake antivirus website. At this point, the user may be tricked into paying for unnecessary antivirus protection or a virus is downloaded onto the unwitting user鈥檚 computer. If you鈥檙e unlucky and unwary, both.

Search engine poisoning is booming. Internet security firm Trend Micro that in May 2011, more than 113 million users were redirected to malicious pages due to search engine poisoning. Hijacking image searches rather than text-based web searches is the fraudsters鈥 latest twist on a popular scam.

鈥淚t鈥檚 an arms race,鈥 says of the cybersecurity lab at the Technical University of Vienna, Austria. Hackers write code to fool search engines into giving bogus results, and search-engine companies fight back by writing code to block their scams.

These scams are 鈥減retty much automated鈥 says Bojan Zdrnja, a computer security specialist in Croatia. It works like this: hackers gain access to legitimate websites and install programs which monitor Google Trends for hot keywords 鈥 words relating to any major news story, for example. The program then searches for content 鈥 including images 鈥 related to the hot topics and uses that material to automatically generate new web content of its own. Often they will hack a legitimate site that Google鈥檚 software bots rate as credible and simply add their own content. This is not normally visible on the site, nor does the owner know about it.

聯Hackers hijack a legitimate site that Google鈥檚 software bots rate as credible and add their own content聰

As Google鈥檚 bots crawl through the web, the malicious program identifies them and feeds them the automatically generated content from these faked web pages. Because everything on the page is specifically chosen to relate to that topic 鈥 be it or the 鈥 the fake web page and the 鈥減oisoned鈥 image quickly appear near the top of the relevant search results.

Next the user clicks on the thumbnail of the photo they want and the user鈥檚 browser requests the page the image originated from. The attacker鈥檚 program redirects the user to a fake antivirus website 鈥 putting them at risk.

鈥淕oogle has done a pretty good job with standard searches,鈥 says Zdrnja, by detecting malware and warning users of potentially harmful pages. Blocking poisoned images from searches is the next challenge. A Google spokeswoman said: 鈥淲e have cut down on the bad Image Search links by over 90 per cent since their peak at the start of May.鈥

Topics: Computer crime / Hacking