msn.com and live.com are by far the worst among the major search engines in "cleaning up" these fake results. While it's not particularly rare that these show up in Google and Yahoo, one gets the impression that at least they're trying to clean results up by removing these domains. Not so with msn.com and live.com, which for a lot of completely legitimate keywords show endless lists of these sites.
TNT |
03.06.07 - 6:23 pm | #
|
|
Not only is Google NOT trying to clean up these fake results, they actively encourage and profit off of the act. They even show an example using the generic phrase "computer software". Absolutely disgusting.
Anonymous |
03.07.07 - 1:44 pm | #
|
|
No, that's not true. Google DOES clean these up -- the point is that MSN and Live aren't!
Alex Eckelberry |
03.07.07 - 1:54 pm | #
|
|
Google's initiative to warn the user of a bad site is very responsible.
Even though it is a free search engine, I feel like they still have the duty to put out the best and safest results they can.
Jerome |
03.07.07 - 2:09 pm | #
|
|
Symantec Security Response Blog is referencing this posting (Elia Florio in the latest blog entry):
http://www.symantec.com/enterpri...esponse/weblog/
Elia is wondering what this 'SEO' campaign is all about... E.g. it's about spreading rogue software like the notorious ErrorSafe - as you can easily spot if you activate JavaScript in Firefox. Basically, it's about making money, of course...
Cheers, Frank
Frank |
03.07.07 - 9:57 pm | #
|
|
Frank, Elia Florio claims:
"At the moment we know that the encrypted Javascript embedded in those weird pages is redirecting users to the domains hxxp://www.itzzot.cc and hxxp://e1.extreme-dm.com. Fortunately, neither of these domains is hosting any malicious files or exploits at the moment—they just track visitors"
However, I have personally seen most of these sites running exploits just today. I'm not sure why he's claiming this (but remember -- the gromozon gang targets only Italy, which means the actual exploits are loaded ONLY if an Italian IP is detected server-side, otherwise non-malicious pages are loaded).
I can confirm the exploits are already there. Also, the format:
http://[number].[random_italian_word].com/[keywords_permutation]
is not the only one being used.
TNT |
03.07.07 - 11:47 pm | #
|
|
@ Alex Eckelberry
Are you sure Google does clean?
Look at this:
http://www.google.it/search?q=gi...t&start=60&sa=N
There's this link 9.nkcvkehwiouvner.info/abiti-sex-in-leather-it/ in the search results.
And on this page:
http://www.google.it/search?q=gi...t&start=70&sa=N
there is another link:
giubbotti.lue.f67efc27cd6dbb7dc45d93b167798cea.info/giubbotti-uomo
Anonymous |
03.09.07 - 5:13 am | #
|
|
On this page http://www.google.it/search?q=gi...&start=170&sa=N
you find this link: 6.noortaarey.info/giubbino-fay/
Anonymous |
03.09.07 - 5:14 am | #
|
|
Nice -- keep them coming...
Alex Eckelberry |
03.09.07 - 9:29 am | #
|
|
Is there something wrong with the Italian branches of these various search engines? i.e. is the Italian Yahoo search engine also filled with badware sites?
And why Italy? I know it happens with others obviously, but why so much with Italy...
k1 |
03.11.07 - 5:20 pm | #
|
|
Yes, Italy is probably the most targeted country of all these days, at least by the former-USSR gangs. It's been like that for months now. Why Italy? I have no idea, but I doubt it was chosen randomly. Either they noticed the amount of vulnerable machines was superior, or there must be somebody in Italy supporting them and making sure they can act freely. Possibly both things.
TNT |
03.12.07 - 9:56 am | #
|
|
The Register now has an article about Live Search and malware:
http://www.theregister.com/2007/...s_live_malware/
suzi |
03.21.07 - 12:56 pm | #