The Tech Herald

Google Doodle leads to Rogue anti-Virus

by Steve Ragan - Dec 16 2009, 16:40

According to Barracuda, searches for LL Zamenhof, the inventor of Esperanto, that originated with a Google Doodle honoring him led users to attempted installations of Rogue anti-Virus software.

On Tuesday, Google celebrated the 150th birthday of LL Zamenhof by altering their normal logo with a Doodle of the flag of Esperanto. Anyone who clicked the image was taken to a search for LL Zamenhof, and as is the case with similar searches when Google alters their logo, it quickly became one of the top search results for the day.

Moving quickly to take advantage of this, criminals used SEO poisoning, or BlackHat SEO methods, to hijack the search results with the aim of installing Rogue anti-Virus. “This is just another egregious act of criminals using [popular search terms] as vehicles to carry out their malicious intent,” a Barracuda post on the topic said.

“On page one of the search results, one of the examples falls under the domain rubbermouse.com. The poisoned results point to legitimate domains that have been compromised. This leverages the site's already good Google reputation so that the results do not appear with a Google safesearch alert. This is becoming increasingly more common for almost any popular search term.”

The SEO hijacking worked so well that out of the first 50 sites listed in the search results, 27 of them were malicious.

The Barracuda post made an interesting observation: the concerning aspect of this latest round of hijackings is that it feeds on encouraged curiosity, as the whole point of the Google Doodles is to get people to search for something by clicking the image. “What does that say about the current state of search and SEO?” the post asked.

While hypothetical, the question is valid. However, the answer isn’t as easy as one might think. What SEO poisoning attacks say about the state of SEO is that if there is a will, there is a way. Criminals are a clever lot, and if they can exploit something, they will. SEO is just one method of attack; it is no more and no less valuable to a criminal than exploiting software or website flaws.

The Google Doodle attack comes around the same time that criminals used Cross-Site Scripting flaws to hijack comingsoon.net, as well as lawyers.com, news.com.au, appleinsider.com, iparenting.com, and smashits.com to spread Rogue anti-Virus.
