Capitalizing on popular search terms like “California wildfires” is one strategy hackers are using to direct people to fraudulent Web sites, said a security expert with Symantec Corp.
Invariably, people are going to search for terms related to hot news topics to find out more, said Gerry Egan, director of security response with Symantec.
Hackers create their malicious Web sites in such a way that they will be listed quite high in search engine results for current affairs topics, whether it’s an election, tax season or a celebrity death, said Egan.
“Now you’ve led the user right up to the front door of the malware and now you start to tell them a story that preys on their interests,” said Egan.
The trend towards this technique has become more pronounced in the last couple of years, as security software is more prevalent and users are better attuned to security best practices, said Egan.
That awareness has made the path to users’ machines more difficult, said Egan, so hackers must now turn to social engineering tactics to convince users, who may already have security software installed, to authorize a download to their machines.
Once lured to the site, the unsuspecting visitor will be convinced somehow to authorize the malware by clicking on an image of a wildfire, for instance, in order to view a news video or read more information, explained Egan. However, the user will then be faced with a pop-up requesting the latest version of a multimedia player be downloaded and installed.
“That’s the norm. We are used to having to upgrade the latest plug-in to see what we want,” said Egan.
What gets downloaded is not a real player, but a piece of malware. “Now your machine is owned and it can be used for a variety of purposes,” said Egan.
While Symantec has no statistics on the success of search engine optimization techniques by hackers, the tactic certainly shows no sign of diminishing, he added.
“Malware is a numbers game. You try enough people and eventually you get people to fall for the technique,” said Egan. “As long as there is a steady stream of people falling for the technique, you’ll continue to do it.”
According to Brian O’Higgins, Toronto-based independent security consultant, taking advantage of popular search terms is an approach that requires relatively little labour.
“Normally they have to spend a lot of effort to redirect people surreptitiously to their Web sites, so why not have people go directly to them to get malware?” said O’Higgins.
That said, while creating fraudulent Web sites based on hot news terms has always been a favourite tactic in hacker circles, not every term is guaranteed to work, simply because users don’t expect to see non-traditional news outlets dedicated to news, said O’Higgins.
Egan can’t say whether there is an inherent weakness in search engines that hackers are preying on, but he does know this is just “a real-world con that’s moved online.”
Users should only trust reputable news sites if they want to learn more about current affairs, said Egan.
While the use of search engine optimization techniques by hackers definitely adds some complexity to using search engines, the scenario is not all that different from shopping in a mall, said Benoit H. Dicaire, information security strategist with Montreal-based security consultancy Infrax Inc.
“When you go in a mall to buy stuff, you have the same situation,” said Dicaire. “Google is just like a big mall so you need to decide where you want to buy and (whether) you want to pay cash.”
Trust a reputable site for news just as you’d trust a well-known brand for clothing, said Dicaire.
Egan suggests using Norton Safe Web to ascertain whether a Web site is safe or not, as well as ensuring security software is always updated.
“Like a gasoline engine, if you don’t have gasoline in the tank, you are not going to get very far,” he said.