Attackers booby trap searches at top Web sites

A million search queries have been "poisoned," at dozens of well-known Web sites over the past several weeks, according to security analyst Dancho Danchev.

Attackers are using programming errors to hijack keyword searches by automatically attaching malicious HTML code to specific search queries. Unwitting visitors who type in the selected key words while performing a search at the affected sites are then redirected to booby-trapped Web sites.

This is where the attackers attempt to install malware onto their computers.

Among some of the Web sites that have been attacked are USAToday.com, Target.com, ABCNews.com Walmart.com, and several sites owned by CNET Networks, the publisher of News.com. A CNET employee confirmed that the attack had occurred but did not know to what extent it had affected site visitors.

Representatives of CNET and USAToday could not be reached on Friday night. A spokeswoman for Wal-Mart Stores declined to comment.

The attack differs from other IFRAME injection attacks in that the traps are being set in the search results and not on a Web site's main pages, said Joris Evers, a spokesman for security firm McAfee.

"This means that a Web user would need to do a search query using one of the terms picked by the attacker to hit a poisoned page," Evers said. "This is in contrast to previously seen attacks where just visiting a site would launch an attack. This reduces the severity (of the most recent attack) somewhat."

Evers added that the Web is quickly becoming one of the most popular means to attack users. This is due in part to improvements made to e-mail security and filtering and also because Web vulnerabilities are a new frontier, he said.


Related Links:

• Go back to category Internet & Networks to read more reviews and articles.
• Go back to Software Magazine's main page.