Search engine poisoning is a popular attack tactic for hackers

Absrtact: According to the trend technology TrendLabs from January to March, search engine poisoning (SEO) techniques remained the most prevalent attack tactic in the region in the first quarter of 2010. The way the Asia Pacific region malware infects computers is still interconnected

According to data collected from the trend technology TrendLabs from January to March, search engine poisoning (SEO) techniques remained the most prevalent attack tactic in the region in the first quarter of 2010. The Asian-Pacific malware program infects computers with Internet downloads, other malicious program implants, and removable disks.

Although Blackhat SEO is not a brand new technique, it is still an effective way to spread malicious programs by using the search for popular current-topic keywords. For example, cyber-criminals use a number of hot topics to manipulate the results of search engines and implant Fakeav fake antivirus software variants on compromised computers. Popular events in the first quarter that were used by malware writers to lure users to clicks were: The Philippines six earthquake, the Philippine-mixed female star Anne Curtis, and Manny Pacquiao and Joshua Clottey two boxers. In these three attacks, users who click on the poisoned search results download a malicious program that is fake antivirus software that ultimately aims to trick users into buying fake anti-virus software.

In addition to continuing to spread fakeav malicious programs, infected systems will also become members of bot networks, allowing them to continue to grow and allow cyber criminals to steal information, distribute spam, and allow remote hackers to access infected systems freely. Once again, the infamous koobface the headlines. Its previous attacks were using bogus YouTube pages, but the latest attack was to lead users to a Web site called "Yuotube" (at first glance like "YouTube") and to download a fake adobe Flash player file. Another bot network that jumped up in the quarter was an older bot network, primarily an attack on DSL modems and routers, a bot network called "Chuck Norris Botnet" that was spread through worms to embed backdoor programs to remotely remotely control computers.

In the first quarter of this year, there were also several malicious programs specifically attacking vulnerabilities, the first of which was the frequent hydraq attacks on the media, which locked in internet Explorer (IE) vulnerabilities. In addition, a malicious program specifically publishes spam messages containing malicious attachment files, attacking known vulnerabilities in Adobe Acrobat and Adobe Reader, and locking users who are interested in the Shanghai World Expo.

In addition to attacking individual users, cyber-criminals also attack corporate organizations, because once they succeed, they can get a lot of account login information at once.

In addition to these web-style threats, automated execution (autorun) malware transmitted via a portable or external hard drive is still quite popular in the Asia-Pacific region. However, the trend of today's malicious programs is to use a variety of infection routes. and the target range of attack also has the tendency of shrinking gradually.

The shared local area network is still the mainstream of the current computer environment. However, these networks, once hacked, could lead to the release of sensitive information, so adopting a cloud security solution would be a smart way to help prevent the network from being invaded. "Blackhat SEO search engine poisoning techniques and vulnerabilities are the same principle of exploiting user behavior patterns," said Paul Oliveria, a researcher on trend technology marketing. As a result, the attacks that have taken place in the United States will sooner or later be in Asia, but sooner or later. ”。