Cybercriminals are creating
specialised search engines to drive users to malicious websites
created to distribute malware, reports a security research
firm.
This reflects the growing professionalisation of cybercrime,
said Madrid-based PandaLabs.
One malicious search engine it found has already been used by
around 195,000 people, whose PCs could now be infected.
Previously, cybercrooks would use malicious SEO (search engine
optimisation) or "blackhat SEO" techniques to improve the ranking
of their pages among popular search engines. Now they are beginning
to use their own search engines to lead users directly to pages
designed to infect or defraud them, the lab said in a
statement.
When users enter a search word, the "malengine" returns just
five or six results. Clicking on any of them redirects the user to
a web page created specifically to distribute malware.
The pages may include pornographic videos, which ask users to
download the latest version of a "Web media player" to watch the
clip. But the file is really WebMediaPlayer adware.
These pages are also used to distribute
fake antivirus programs.
Luis Corrons, technical director of PandaLabs, said, "We started
searching for words and issues that are frequently exploited by
cybercrime. In this case it was swine flu, or celebrity names such
as Britney Spears or Paris Hilton. This took us to pages created to
distribute malware.
"But then we found that even searching for our own names would
throw up results that were really malicious pages," he said.
"Strangely though, there is the occasional normal result among all
the malicious ones. Perhaps this is to bolster the illusion that
this is a genuine search engine".
PandaLabs advises users to use only trusted search engines, and
to be wary of websites that offer sensational videos or unusual
stories.
"If a website asks you to download a codec or any other kind of
program to watch videos, there is a strong chance that it is really
malicious code", warns Corrons.