14 DAY TRIAL // Windows Live Search, Microsoft's search engine has been all but taken over by hackers. In excess of 95% of the results returned to queries entered in Windows Live search are directing users to websites hosting malware or to exploit web pages, according to SunBelt. Google has been confronted with the same issue in the past, and now is the turn of Windows Live Search. Fortunately for Microsoft, hackers have only hijacked the Italian version of Live Search.
"At the moment, the problem is that when someone searches a combination of specific Italian keywords on the Windows Live portal, that person will always get a set of weird links in the search results. These weird links will most likely be related to the Linkoptimizer gang (aka Gromozon)-so this likely means that the Gromozon gang has managed to take over and manipulate the search results of Windows Live by getting their links to end up on the top of the search result lists," explained Elia Florio, Symantec Security Response Engineer.
Symantec has verified the initial claims of SunBelt and has indeed verified that the Italian Windows Live Search gives a new meaning to the phrase "everything you need, all in one place." The Live search hijacking is similar to the Google bomb attack. The Gromozon gang has managed to manipulate the results returned by Live Search via a list of hot keywords. Microsoft has failed to issue an official response as yet.
"What is the master plan of the Gromozon gang? Well, we don't know yet, but we are expecting something even more sinister to appear sooner or later. At the moment we know that the encrypted Javascript embedded in those weird pages is redirecting users to the domains hxxp://www.itzzot.cc and hxxp://e1.extreme-dm.com," Florio added.
Symantec contradicted SunBelt and stated that neither of the domains is hosting malware. The Cupertino-based security company will continue to monitor the situation.
