Tuesday, September 15, 2009

Ok, now that was interesting!

Over the weekend, several people noticed attacks originating from a malicious ad placed at nytimes.com. Viewers were redirected to what we call a fake, or rogue, antispy page, where the webpage _pretends_ to scan your computer, and then tries to convince you to install some nifty antivirus program to clean it up-oh-but-you-have-to-register-first-put-your-credit-card-here-mr-victim. Nothing new there... it's the most common thing we see _every_ day.

We've been watching this particular style of rogue attack since about March, and just happened to have them under the microscope over the weekend, and here's the interesting thing... normally, we see 10-15,000 such detections each day, but from about last Thursday through Sunday, it spiked to 160-170,000 per day. It dropped off today to about 20,000.

The attacks seemed to come from two main types of lures. The first was advertisements, including the fake one on nytimes and lots of Flash banner ads. The second was searches for "newsie" events like Kanye and Taylor, and Patrick Swayze, and Serena Williams.

It's ever so impressive how quickly they not only react, but also point the news search results at their hijacked lure machines. In other words, not only are they quick to react to something newsworthy, but they are somehow able to get their hijacked machines right up to the top of the Google and Bing searches. These guys are flat-out clever.

In summary, not only was there a huge spike in activity by this particular group (or groups), but they were also quickly able to manipulate the search engines.

It goes without saying that LinkScanner is able to detect and block these attacks, but it's a dangerous Web, folks.



Keep safe,

Roger