|
Apple Territory Attacked By Search Engine Poisoning
By Joe Purcell
Expert Author
Article Date: 2011-06-09
MacDefender is making headlines as the first widespread virus for Apple's OS X. The virus is being promoted through search engine poisoning (SEP) and has yet to be determined just how many users have been affected. On May 31 Apple finally responded with a security update which was immediately followed by the release of a modified version of the virus, MacGuard. This virus is just one example of the growing SEP threat that is generally unaccounted for.
The Application Defense Center (ADC), Imperva's research arm, recently produced a second report through the Hacker Intelligence Initiative (HII). The report explains that SEP attacks "manipulate search engines to display search results that contain references to malware-delivering websites." As an Infosecurity article comments regarding the report, the attacks are "highly successful and without any apparent counter-measures being deployed by search engines."
SEP attacks can be done in many different ways. Attackers can take control of websites, such as through hacked FTP access, and upload files under the hacker's control. They can also promote malicious code through sponsored links which requires no hacking at all. The most basic form is called Cross Site Scripting (XSS). The HII report explains how this works in greater detail, but in essence pages are made that look like high ranking pages and then get highly ranked themselves.
As one blog explains, these attacks are commonly found in Google's image search, which is where the MacDefender virus was promoted. It is much more difficult to poison website searches because there is a lot involved to get a high page ranking. The mentioned blog gives a great explanation of how these attacks are constructed and lists several examples.
The blog estimates there are over 15 million page visits directed from Google image searches every month, then references another article which records over 113 million new visitors for one particular SEP campaign. The 113 million is referring to just one image SEP campaign, and there are many other campaigns and many other methods for SEP.
"At least 5,000 sites have been compromised," according to PCWorld. Google has implemented measures to protect users such as adding alerts when clicking on hacked sites. One suggestion from Brian Krebs is to install the Noscript add-on for Firefox will will prevent scripts from running on websites unless the user specifically allows it. It is unclear, yet, how administrators can respond to protect their users, but hopefully search engines like Google and Bing will respond in like manner to Apple in providing protective solutions for users.
About the Author:
Joe Purcell is a technology virtuoso, cyberspace frontiersman, and connoisseur of Linux, Mac, and Windows alike.
|
|
