14 DAY TRIAL // Security researchers warn that cyber criminals who use black hat SEO techniques to distribute scareware, have changed their focus from traditional Web search results to image ones.
Black hat SEO is a very successful method of leading users to malicious websites by inserting malicious links into search results for popular keywords.
For the last couple of years, pretty much any topic that garnered a fair amount of public interest, whether it was a holiday, a natural disaster, a conflict or a celebrity death, has been targeted in this manner.
According to statistics released by antivirus companies, 2010 was the busiest year for scareware distributors yet, with up to 40% of all rogue programs ever created being released during this period.
These attacks are achieved by leveraging the existent search rankings of compromised websites. Attackers create fake pages filled with content and keywords for a particular topic and feed them to search engine crawlers.
However, when users click on these pages in search results, they are automatically redirected to scareware distribution websites that mimic antivirus scans.
The constant attacks and media attention have determined Google to become more aggressive in detecting and blocking them. In turn, this has pushed scareware distributors to alternative searches like those for images.
"Google is doing a relatively good job removing (or at least marking) links leading to malware in normal searches, however, Google’s image search seem to be plagued with malicious links," warns Bojan Zdrnja, a security researcher with the SANS Internet Storm Center (ISC).
Google Images BHSEO is not really new. We have reported attacks using this technique since July 2010. However, the number of incidents and poisoned images seem to have dramatically increased recently.
Firefox users can protect themselves by using extensions such as Search Engine Security or NoScript, while those using other browsers an opt for a computer security solution that features real-time URL blocking.