ID: IRCNE2011051115
Date: 2011-05-14
“ITPRO” reports that a poisoned search engine optimization (SEO) campaign has duped over 100 million web users into visiting malicious web pages. The campaign, run by a well-known blackhat SEO operator, has used Google image search to redirect users to fake anti-virus downloads. “In just one month, this campaign was able to redirect nearly 300 million hits from 113 million visitors to the malicious landing pages,” Trend Micro explained.
“In addition to generating pages full of bad links and keywords to boost search engine results ranking, the operator also embedded images taken from legitimate sites so its pages can get a high Google Image Search index.”
To date, Trend Micro said it had identified 4,586 compromised servers connecting to the blackhat SEO command server. Using these servers, the hackers have implanted two kinds of pages inside various websites, one being a standard fake anti-virus scanning page, the other a Traffic Direction System (TDS) page.
“TDS pages are used as landing pages to direct traffic to malicious content. “This particular campaign uses the well-known SUTRA TDS.” In the past 30 days, that TDS redirected 220,175,652 hits from 82,568,468 visitors.
This campaign targeted Mac users in particular by using landing pages designed to imitate the appearance of the Mac OS.
- 3