May 6, 2009 By Blake Harris
Virus protection software companies are often on the front line of detecting shifts in cyber-crime tactics. Of course, dealing with cyber attacks and new strains of malicious code on a daily basis would give them a keen sense of changes in the cybersphere.
PandaLabs, Panda Security's malware detection and analysis laboratory, today released news on the latest trend they have observed - a tend they say reflects the growing professionalism of cyber-crime.
Previously, cyber-crooks would use malicious SEO (Search Engine Optimization) or "blackhat SEO" techniques to improve the ranking of their pages among popular search engines. Now they are beginning to create their own search engines which lead users directly to pages designed to infect or defraud them.
PandaLabs says that one such malicious search engine they detected has already received around 195,000 visits.
The way such search engines generally work is that after entering a search term, the search engine returns just five or six results - all pages designed to trick users into downloading malicious code. Users may get a message upon accessing a listed site to download the latest "Web media player" or similar upgraded software. However, if the user does click on this, spyware or other malicious code is downloaded onto their computer instead.
"We started searching for words and issues frequently exploited by cyber-crime, in this case swine flu, or celebrity names such as Britney Spears or Paris Hilton and this took us to pages created to distribute malware. But then we found that even searching for our own names would throw up results that were really malicious pages," explains Luis Corrons, Technical Director of PandaLabs is a prepared statement. "Strangely though, there is the occasional normal results among all the malicious ones. Perhaps this is to bolster the illusion that this is a genuine search engine."
Further information on the PandaLabs blog: http://pandalabs.pandasecurity.com/archive/Swin-flu-and-the-Blackhat-SEO-techniques.aspx