Cybercrooks develop own search engines to burgle users

Cybercriminals are creating specialised search engines...

Cybercriminals are creating specialised search engines to drive users to malicious websites created to distribute malware, reports a security research firm.

This reflects the growing professionalisation of cybercrime, said Madrid-based PandaLabs.

One malicious search engine it found has already been used by around 195,000 people, whose PCs could now be infected.

Previously, cybercrooks would use malicious SEO (search engine optimisation) or "blackhat SEO" techniques to improve the ranking of their pages among popular search engines. Now they are beginning to use their own search engines to lead users directly to pages designed to infect or defraud them, the lab said in a statement.

When users enter a search word, the "malengine" returns just five or six results. Clicking on any of them redirects the user to a web page created specifically to distribute malware.

The pages may include pornographic videos, which ask users to download the latest version of a "Web media player" to watch the clip. But the file is really WebMediaPlayer adware.

These pages are also used to distribute fake antivirus programs.

Luis Corrons, technical director of PandaLabs, said, "We started searching for words and issues that are frequently exploited by cybercrime. In this case it was swine flu, or celebrity names such as Britney Spears or Paris Hilton. This took us to pages created to distribute malware.

"But then we found that even searching for our own names would throw up results that were really malicious pages," he said. "Strangely though, there is the occasional normal result among all the malicious ones. Perhaps this is to bolster the illusion that this is a genuine search engine".

PandaLabs advises users to use only trusted search engines, and to be wary of websites that offer sensational videos or unusual stories.

"If a website asks you to download a codec or any other kind of program to watch videos, there is a strong chance that it is really malicious code", warns Corrons.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.