Regards
The Spirit of Lakeshore
Monday, October 13, 2008
Friday, October 3, 2008
Cybercriminals syndicating Google Trends keywords to serve malware
by Dancho Danchev on http://blogs.zdnet.com/security/?p=1995&tag=nl.e539
In an underground ecosystem that is anything but old fashioned when it comes to abusing legitimate web services, cybecriminals have started exploiting the traffic momentum, and by monitoring the peak traffic for popular search queries using Google’s Trends, are syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live’s Spaces.
According to a recent advisory issued by Webroot :
“For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day’s most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign,” said Paul Piccard, director of Threat Research, Webroot. “These highly relevant news stories and videos are being posted to the hackers’ fake blogs to increase the site’s Google search rankings.
These fraudulent blogs contain several video links about the news story for which the users were originally searching. Once a user clicks on one of the video links, they are prompted to download a video codec that downloads a rogue antispyware program designed to goad the user into purchasing an illegitimate program that may put their personal information and data at even greater risk. “
Let’s take a sample, and confirm the ongoing syndication of popular keywords in order to attract traffic to the several hundred malware serving blogs.
A random keyword “on fire” like gwen ifill wheelchair indicates that 55 minutes ago a malware serving blog has been successfully crawled and is now appearing within the first 10 results thanks to the high page rank of Windows Live Spaces. Upon clicking the link, the user is exposed to the typical ActiveX Object Error message that is attempting to trick them into installing TrojanDownloader:Win32/Zlob.AMV with 10 out of 36 AV scanners currently detecting it (27.78%).
Moreover, in order to ensure that their fake blogs will get crawled in the shortest time frame possible so that they can better abuse the momentum peak of the search query, they’re naturally taking advantage of the pre-registered blogs at popular blogging platforms which Google is crawling literally in real-time. Syndicating this particular keyword in order to serve malware is not an isolated event, with several hundred currently active blogs doing exactly the same as soon as Google Trends refreshes its hourly feed.
Malware campaigns have been taking advantage of pure SEO (search engine optimization), and mostly blackhat SEO techniques, during the entire 2008. The difference between the ongoing campaign and previous ones, is that the current approach has a higher probability of attracting generic search traffic since it’s relying on the world’s most popular search engine to tip them on what has the world been searching for during the past hour.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.
In an underground ecosystem that is anything but old fashioned when it comes to abusing legitimate web services, cybecriminals have started exploiting the traffic momentum, and by monitoring the peak traffic for popular search queries using Google’s Trends, are syndicating the keywords in order to acquire the traffic and direct it to malware serving blogs primarily hosted at Windows Live’s Spaces.
According to a recent advisory issued by Webroot :
“For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day’s most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign,” said Paul Piccard, director of Threat Research, Webroot. “These highly relevant news stories and videos are being posted to the hackers’ fake blogs to increase the site’s Google search rankings.
These fraudulent blogs contain several video links about the news story for which the users were originally searching. Once a user clicks on one of the video links, they are prompted to download a video codec that downloads a rogue antispyware program designed to goad the user into purchasing an illegitimate program that may put their personal information and data at even greater risk. “
Let’s take a sample, and confirm the ongoing syndication of popular keywords in order to attract traffic to the several hundred malware serving blogs.
A random keyword “on fire” like gwen ifill wheelchair indicates that 55 minutes ago a malware serving blog has been successfully crawled and is now appearing within the first 10 results thanks to the high page rank of Windows Live Spaces. Upon clicking the link, the user is exposed to the typical ActiveX Object Error message that is attempting to trick them into installing TrojanDownloader:Win32/Zlob.AMV with 10 out of 36 AV scanners currently detecting it (27.78%).
Moreover, in order to ensure that their fake blogs will get crawled in the shortest time frame possible so that they can better abuse the momentum peak of the search query, they’re naturally taking advantage of the pre-registered blogs at popular blogging platforms which Google is crawling literally in real-time. Syndicating this particular keyword in order to serve malware is not an isolated event, with several hundred currently active blogs doing exactly the same as soon as Google Trends refreshes its hourly feed.
Malware campaigns have been taking advantage of pure SEO (search engine optimization), and mostly blackhat SEO techniques, during the entire 2008. The difference between the ongoing campaign and previous ones, is that the current approach has a higher probability of attracting generic search traffic since it’s relying on the world’s most popular search engine to tip them on what has the world been searching for during the past hour.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and E-crime incident response. Dancho is also involved in business development, marketing research and competitive intelligence as an independent contractor. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis.
October 9, 2008, Lakeshore Planning Council Meeting
The Lakeshore Planning Council will meet:
When: Thursday, October 9, 2008 from 7:30 to 9:30 p.m.
Where: LAMP
Look for the agenda and minutes next week.
When: Thursday, October 9, 2008 from 7:30 to 9:30 p.m.
Where: LAMP
Look for the agenda and minutes next week.
Do Not Tax Our Schools
Over the past three years, the Toronto District School Board (TDSB) has paid the federal government $21.7 million in GST. About $40,000 for each of our 550 schools over the three years. Or about $80 for each of our 270,000 students over the three years. The TDSB has asked for a reprieve from this tax on the school system. Similar figures are reported by school boards across Canada.
It is frustrating to supporters of public education to see the federal government receive GST on the construction of new schools, while at the same moment GST is not collected on the construction of a new prison whether built municipally, provincially or federally. GST is also collected on computers, repairs, pencils, paper - the list goes on.
We have launched a website http://www.donttaxourschools.org/ to deliver a message to all federal candidates in Canada. At present every candidate in Canada with an email address can be reached through our website. We have also created an engine for supporters to send a message to your friends, family and colleagues.
Last week we launched a media campaign with great success with coverage in all local newspapers, the majority of radio and some television. A radio advertising campaign took place on 680 News. A note is going home to all TDSB students and staff, signs are being installed at all TDSB schools and emails are flying. We need everyone with a passion for promoting a better TDSB to help get the word out.
Please forward this message to your contacts - We have to deliver our message - Use our website - http://www.donttaxourschools.org/ . Go to our "What Can You Do" page to tell your candidates, family, friends and neighbours across Canada - Don' t Tax Our Schools .
Thanks for helping our movement get the word out across Canada.
http://www.donttaxourschools.org/
It is frustrating to supporters of public education to see the federal government receive GST on the construction of new schools, while at the same moment GST is not collected on the construction of a new prison whether built municipally, provincially or federally. GST is also collected on computers, repairs, pencils, paper - the list goes on.
We have launched a website http://www.donttaxourschools.org/ to deliver a message to all federal candidates in Canada. At present every candidate in Canada with an email address can be reached through our website. We have also created an engine for supporters to send a message to your friends, family and colleagues.
Last week we launched a media campaign with great success with coverage in all local newspapers, the majority of radio and some television. A radio advertising campaign took place on 680 News. A note is going home to all TDSB students and staff, signs are being installed at all TDSB schools and emails are flying. We need everyone with a passion for promoting a better TDSB to help get the word out.
Please forward this message to your contacts - We have to deliver our message - Use our website - http://www.donttaxourschools.org/ . Go to our "What Can You Do" page to tell your candidates, family, friends and neighbours across Canada - Don' t Tax Our Schools .
Thanks for helping our movement get the word out across Canada.
http://www.donttaxourschools.org/
Upcoming Events at Palais Royale
THANKSGIVING BUFFET BRUNCH
When: Monday October 13, 2008, 11:30 am
Where: Palais Royal, 1601 Lakeshore Blvd. West
Celebrate the harvest and give thanks for a successful bounty of crops.
Come to the Palais Royale; let’s celebrate together with a magnificent Thanksgiving Buffet Brunch skillfully prepared by Chef Steffan Howard and his Crew. In addition to the classic Thanksgiving offerings, Chef Howard will take advantage of the Savour Ontario Pear Up October Program where he will feature cuisine with some of the finest Ontario Pears freshly picked at Bizjak Farms in Beamsville, just an hour and fifteen minutes west of us. Enjoy these tree ripened tastes sprinkled throughout our bountiful brunch.
Join us Monday October 13th at 11:30am. Listen to the sounds of the Toronto All Star Big Band Trio. Call for reservations. Seating is limited. $41.95 adults, (+ taxes and gratuities) $20.00 children 5 – 12 years (+ taxes and gratuities)
Alcohol not included.
Wheelchair accessible.
Happy Thanksgiving!
HALLOWEEN NIGHT
When: Friday, October 31, 2008, 8:00 pm
Where: Palais Royale, 1601 Lakeshore Blvd., West
Presents...
An Evening of Grand Illusion, Magic and Mystery
On Halloween night immerse yourself in a world where you will be overwhelmed with wonder as you witness acts creating the impossible.
Palais Royale, one of Toronto’s historic buildings becomes transformed into a setting of mystery, where Vladimir, Master Illusionist, will perform unbelievable feats of fantasy.
Dress in Disguise, and dine in the shadows with our offerings of a light mystery dinner buffet while you listen to Richard Victor Borg on the elegant grand piano.
Cash bar available
Prize for best costume
Doors & buffet - 8:00 pm
Show 9:30 pm
Tickets $60.00 available at http://www.ticketweb.ca or call
1-888-222-6608
Or call Palais Royale at 416-533-3553
Call soon tickets limited.
Pianist, songwriter, entertainer http://www.richardborg.com/
When: Monday October 13, 2008, 11:30 am
Where: Palais Royal, 1601 Lakeshore Blvd. West
Celebrate the harvest and give thanks for a successful bounty of crops.
Come to the Palais Royale; let’s celebrate together with a magnificent Thanksgiving Buffet Brunch skillfully prepared by Chef Steffan Howard and his Crew. In addition to the classic Thanksgiving offerings, Chef Howard will take advantage of the Savour Ontario Pear Up October Program where he will feature cuisine with some of the finest Ontario Pears freshly picked at Bizjak Farms in Beamsville, just an hour and fifteen minutes west of us. Enjoy these tree ripened tastes sprinkled throughout our bountiful brunch.
Join us Monday October 13th at 11:30am. Listen to the sounds of the Toronto All Star Big Band Trio. Call for reservations. Seating is limited. $41.95 adults, (+ taxes and gratuities) $20.00 children 5 – 12 years (+ taxes and gratuities)
Alcohol not included.
Wheelchair accessible.
Happy Thanksgiving!
HALLOWEEN NIGHT
When: Friday, October 31, 2008, 8:00 pm
Where: Palais Royale, 1601 Lakeshore Blvd., West
Presents...
An Evening of Grand Illusion, Magic and Mystery
On Halloween night immerse yourself in a world where you will be overwhelmed with wonder as you witness acts creating the impossible.
Palais Royale, one of Toronto’s historic buildings becomes transformed into a setting of mystery, where Vladimir, Master Illusionist, will perform unbelievable feats of fantasy.
Dress in Disguise, and dine in the shadows with our offerings of a light mystery dinner buffet while you listen to Richard Victor Borg on the elegant grand piano.
Cash bar available
Prize for best costume
Doors & buffet - 8:00 pm
Show 9:30 pm
Tickets $60.00 available at http://www.ticketweb.ca or call
1-888-222-6608
Or call Palais Royale at 416-533-3553
Call soon tickets limited.
Pianist, songwriter, entertainer http://www.richardborg.com/
Subscribe to:
Posts (Atom)
Posts
