Not to be left out of the upcoming festivities, hackers are using SEO to infect more people with their fake Anti-virus programs.
For the past week we’ve been monitoring 2 current events – Halloween and the financial crisis.
The thing is, the infection of the legitimate website is a silent redirect that actually includes the keywords optimized for high SE rankings. So the hacker is actually making the infected webpage rank higher in the search engines. They actually use common SEO techniques to attract more people to their infectious webpages.
Another thing we’ve seen and has been confirmed by Panda Labs is the correlation between down days in the stock market and the amount of new malware released. As the market dips, the number of infectious files increases. We’ve been noticing this on our honeypots (computers we leave open on the Internet hoping they’ll get infected so we can further analyze the infection)
This kind of runs parallel with the halloween costume scenario. What the hackers are doing during the dips in the market are making “available” their rogue (read fake) anti-malware software via various infected webpages.
Instead of going after banking logins and other such useful information they’re (the hackers) interested in “legitimitizing” their business by selling their rogue anti-malware. First they have to convince the visitor that their computer is infected, then they offer an immediate solution.
Following standard marketing strategies, the hackers are actually making the visitor aware of a need and then offering a quick solution – for $60.
According to Panda Labs, they estimate that this marketing strategy has made the hackers approximately $14 million a month. I’m not sure I follow their math, but regardless, the hackers are making money.
I believe that the financial crisis is creating more fear about identity theft and therefore making this strategy more effective during the down cycles in the market.
Just so you know, our honeypots are fed popular keywords based on current events and then they visit the resulting webpages, record the activity and that’s what we base our information on.
It’s a fun way of spying on the hackers and it’s what we use in our securitiy appliance “The Box” to blacklist websites and malicious code. It’s what we use in WeWatchYourWebsite to find malicious code. We then search all of our clients websites looking for this malicious code. If any is found, we alert them immediately.
Be careful out there. It’s getting real nasty.