Massive Badware Campaign Targets Google's "Long Tail"

A post by Cyberveillance a couple of weeks back revealed a complex black-hat operation involving Google searches leading to hundreds of thousands of bogus blogs, exploiting the "long tail" of search results and isolated from Google's auto-detection of malware sites by a shifting network of redirectors. The fake blog posts are innocuous when visited directly, but make aggressive attempts to install a fake Windows anti-virus tool (which is actually a Trojan horse) if clicked through from Google. Other search engines do not index the bogus sites. The Unmask Parasites site has a detailed two-part analysis of the badware operation, which puts some numbers on its scope: almost 688,000 bogus scareware blogs can be located in Google; some of them have upwards of 1000 posts. This analysis also reveals that a large majority of the sites hacked to host fake blogs are on the network of Servage.net. From the second Unmask Parasites link: "What we have here is millions of rogue web pages targeting the long tail of web search (millions of keywords) where each page tries to install fake (and malicious) "anti-virus" software on visitors' computers. While this black-hat campaign is active for at least 6 months, webmasters of the compromised sites and their hosting providers don't simply notice this illicit activity. The good news is Google seems to have noticed this problem. Probably thanks to the Cyveillance blog post. During the week after that post I see a steady decrease in search results returned by the queries that you can find in this post."

Re:Badware?

[thijsh]

Good idea to dumb it down... most of my family or collegues will stop understanding and thus really listening when they hear words like malware. When you want to educate people be prepared to explain it in a simple way they understand, it will save you work later.
And when you start to lose them just tell them "the evil hackers will plunder their bank account", this will give you about 3 minutes extra attention span. ;)

Re:Bogus blogs and duplicate newsfeeds

[causality]

Speaking of bogus blogs... What really ticks me off is if I'm searching for a answer to a technical problem, I often find the same message thread on 10 different sites. I wish google would realize these are all the exact same thread and combine them into a single response.

No joke. You omitted one part, however. You'll find the same message thread on 10 or more different sites, true. The part I would add is that in each instance, someone is asking the question but no one has responded with a meaningful answer. Sometimes I have better luck excluding terms like "archive" and "mailing list" from the search results.

I forgot their name but there is a company or two that I would describe as parasites. They try hard to have high visibility in search results when it comes to someone asking questions. When you click the link, however, you find that they want you to pay a fee to see the answer. Usually this is for basic technical support information that is not secret or otherwise proprietary in any way. I bet they had to work really hard to craft their pages in such a way that the Google summary gives no indication that it's a for-pay site. It makes me wonder if they are subsidized in some way or whether enough people really do pay them enough money to stay in business on their own.

Re:Ho Hum

[dskzero]

News would be that no one takes time to complain about windows whenever some new vulnerability is discovered. I'm willing to be that if any one linux distribution was used as much as windows, the story would be different.