One of the great joys of March is working from home, windows cracked, with the NCAA tournament broadcast in the background. And rest assured when the big upset inevitably occurs, basketball fans will flock to the Internet to see how it happened. Enter hacker.
Updated at 4:41 pm, March 19, 2010.
One of the great joys of March is working from home, windows cracked, with the NCAA tournament broadcast in the background. And rest assured when the big upset inevitably occurs, basketball fans will flock to the Internet to see how it happened. Enter hacker.
A common attack vector uses popular news items to rope its unsuspecting Web surfer into a site laced with malware. From celebrity gossip to sporting events to natural disasters, any news item that attackers suspect will be widely searched on Google and other search engines is an opportunity to post a malicious Web site. So next time you want to get the news on a popular story via a search engine be sure to visit a trusted source, and always check the URL before you surf over.
If you do use Google to search for popular news items scan the URLs below the search descriptions carefully. Johannes Ullrich, of the SANS Internet Storm Center, tells us one giveaway to a dangerous site is when you spot the search term in the parameter.
It's also important to note that you don't necessarily have to download anything to infect your computer. Depending on the browser and patches your computer is functioning with, simply navigating to a malicious Web site could be enough to infect the system. Google does find some of these sites, labeling them as dangerous malware. But when a news event occurs hundreds of dangerous attacks surface quickly.
Ullrich also notes that antivirus "sort of helps" protect you from this kind of attack, but relying on it comes with its own vulnerabilities. "One angle a lot of these links play is fake antivirus," Ullrich said.
Since posting this item, Google got back to me about their security practices:
Utilizing popular news stories and events to lure users into visiting malicious Web pages is not new. At Google, we've looked at this issue closely and work hard to protect our users from malware. We actively work to detect and remove sites that serve malware from our search index, reacting to the latest trends and watching for popular search terms. Also, while attackers can and do generate new malicious Web sites, it's more common for legitimate Web sites to become compromised and then start delivering malware. In these cases, we add a warning label to our search results to help protect users who might visit those sites. To do this, we have manual and automated processes in place to enforce our policies. However, it's important to recognize that this issue affects more than just search engines like Google, as these afflicted sites are still part of the general Web. We're always exploring new ways to identify and eliminate malicious sites from our index.