Cybercrooks 'poisoning' Google results: report

Fake web search results lead hapless users to malware

By Ellen Messmer, Network World | Security, malware, SEO

Cybercrooks continue to abuse the Web, getting better at what's called search engine optimization poisoning, so that people using search engines such as Google's are increasingly presented with results that are dangerous, malware-laden URLs.

Some 22.4% of Google searches done since June produced malicious URLs, typically leading to fake antivirus sites or malware-laden downloads as part of the top 100 search results, according to the Websense 2010 Threat Report published Tuesday. That's in comparison to 13.7% of Google searches having that outcome in the latter half of 2009, says Patrik Runald, Websense senior manager of security research. 

The rising level of SEO poisoning, also known as "Black Hat SEO," shows that cybercriminals "are fine-tuning their activities and getting better at this," Runald says, adding that although search engines such as Google work hard to try and stymie the Black Hat SEO effect, the trend is evident.

The irony is that the chance of getting infected by malware is now lower at porn and adult content sites, historically viewed as a high source of malware (now at 21.8%), than when just searching for less scandalous topics, such as news, IT and entertainment. Runald adds that the malicious links do not come from recognized news sites such as CNN or Fox News but from sites designed as malware traps to fool people who stumble upon them through search results.

Black Hat SEO was on display during this year's Haiti earthquake on Jan. 12, when people were actively searching the Web for news about it and about efforts to help, and "bad guys use major crises and events like this to spread their malicious code," the Websense report notes.

Much of the time the victim doing the search who clicks on a bad URL will end up at a rogue antivirus site where someone's trying to sell fake anti-malware software, Runald points out. This year, the trend has been that the rogue A/V vendors expanded to include "exploit kits to get their malware onto the PC" and that malware is now more likely to be ZeuS or other dangerous banking Trojans.

In general, according to the report, the number of malicious sites overall -- that is, the number of direct links with some form of malicious content -- is up 111% in 2010 over 2009.

And though the Web is a constantly shifting universe, the number of malicious Web sites is also seen to be climbing, from about 1 million per month in April 2009 to 2 million today. Eighty percent of legitimate sites have at one point or another been compromised in some form and usually then cleaned up, according to Websense.

The report also notes that social-networking giants Facebook and Twitter are rapidly rising as vehicles for malware and spam. For instance, 40% of all Facebook status updates have links and 10% of those links are either spam or malicious, according to Websense.

The 2010 Threat Report also highlights:

* The United States at 53.7% and China at 24.8% are the top countries in 2010 for malware on the Web, with the remaining countries, such as Spain, Brazil, the Netherlands and others, holding less than 6%.

* The United States is the top country for hosting crimeware (such as banking Trojans or other malware to conduct cybercrime) at 34.2%, followed by China at 11.79% and Brazil at 10.28%.

* The United States was the top country hosting phishing sites at 44.7%, followed by Sweden at 37.21%.

* The top five hosts for data-stealing code for 2010 were: pc-optimizer.com; host127-0-0-1.com; beancountercity.in; 0texkax7c6hzuidk.com; and googlegroups.com.


Originally published on Network World.
