Hackers Target Tsunami Search Results 57
xsee writes "Only hours after the earthquake and resulting tsunami from Chile, hackers began manipulating search results to direct people seeking information on the event to infected webpages. Exercise caution as to where you get information on this tragedy. Chester Wisniewski describes what happened after he saw a suspicious site listed second on a Google search: 'It appears to be a normal website with information and videos about different Asian tsunamis over the past few years. It is difficult to tell whether this particular page was SEO-optimized, or was an innocent victim of a malicious script. SophosLabs got back to me that this page contains some obfuscated malicious JavaScript that we detect as MAL/ObfJS-R. This script was appended after the normal code on the page.'"
Re:Sick? (Score:5, Informative)
CNN was actually discussing this in their reporting yesterday. They were very clear about this being done by bad folks, not the web in general, and the things people should look out for. Overall I think they gave it very clear, concise, non-technical coverage that was more than fair.
Wake up!!! (Score:2, Informative)
This is /., right? Can we please STOP calling these FUCKTARDS hackers!!!
Re:Sick? (Score:5, Informative)
Firstly, are the media going to pick up on this
I doubt it. Your computer being infected with crap isn't particularly scary.. probably because it happens so often that most people are already familiar with how un-scary (but obviously annoying) it really is. The media picks subjects that are NOT common. Man bites dog, not dog bites man. They'll continue on spreading fear about uncommon events on the internet like sexual predators and stalkers. People fear things they don't know about.
Since this is a JS vulnerability
The "javascript vulnerability" just redirects you to a known malware site. Going to a website isn't in itself much of a threat.
The real vulnerabilities (the ones that can infect your computer) exist in largely Adobe Flash, Microsoft Internet Explorer, somewhat in Adobe PDF Reader, and people just being stupid and running an executable because "the computer" told them to.
The last item is probably the hardest one to fix, and likely can't be fixed with technology (the authoritarians of the world like Kaspersky want to try to solve this through idiotic internet licensing schemes). The other three most certainly are technology problems, and can be fixed with technology. Adobe and Microsoft aren't too keen on actually fixing the problems however.
Re:Protection? (Score:2, Informative)
Or run your browser in a VM and revert to a clean image each time your done browsing.
Or disable javascript in Opera, but the web will act a lot different.
Re:Color me unsurprised (Score:4, Informative)
It's predictable because it's automated. The technique these guys use is called 'blackhat SEO'. They have automated scripts that pull data from Google's page of search trends and automatically throw these pages up based on the search results for searches for the highest trending keywords. There's not much of a manual process behind it. If you check out the latest search trends and search for those terms, you'll see tons of malware sites showing up. It has nothing to do with what the news event or search term is. This has been going on for a while.
Re:Protection? (Score:2, Informative)
Allow javascript -only- on a whitelist basis.
Re:Can someone explain this to me (Score:3, Informative)
Looks like someone at google has noticed and is cleaning their search results. Here's one from the images.google search, which now has been "reported as an attack page".
http://images.google.ca/imgres?imgurl=http://macleans.files.wordpress.com/2009/12/wip091211_02.jpg&imgrefurl=http://piazza.cl/eew.php%3Fq%3Dcheryl-bernard-hot&usg=__C_p_BdyshgstqVmMmo-jrcjNsDM=&h=976&w=800&sz=392&hl=en&start=15&um=1&itbs=1&tbnid=5i1jhMgQhHjIwM:&tbnh=149&tbnw=122&prev=/images%3Fq%3Dhot%2Brussian%2Bolympic%2Bcurling%2Bchicks%26um%3D1%26hl%3Den%26client%3Dfirefox-a%26sa%3DN%26rls%3Dorg.mozilla:en-US:official%26tbs%3Disch:1 [google.ca]
allchile.net fighting the spammers (Score:5, Informative)
I operate allchile.net, a forum for expats in Chile that has been operating for a little over 4 years. I am located in Temuco, Chile (about 100 miles south of the worst devastation) and just got my internet connection back a few hours to see all the spammers on google trying to force their way in to the position. Now me and all the other established sites in Chile, with real history and connections to know what is going on in Chile are fighting the Google spammers to try and get people in touch with their missing relatives and get news out to the World about the distaster.
If you have a web site, and want to help us, link to the real sites about Chile. Even Facebook, twitter, and CNN are in a way in our way. They will be all chatting up the topic for a week or two more, then they will be gone. Our sites will still have to fight back up to the top of Google while trying to assist with the reconstruction.
My sites and my friends sites (all run by people on the ground in the disaster by the way):
http://www.allchile.net/ [allchile.net]
http://www.allsouthernchile.com/ [allsouthernchile.com]
http://www.santiagoradio.cl/ [santiagoradio.cl]
http://www.thepulse.cl/ [thepulse.cl]
http://www.spencerglobal.com/ [spencerglobal.com]