Comments on: Google Trends Abused to Serve Malware http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware Wed, 23 May 2012 15:26:06 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Craig Schmugar http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22709 Craig Schmugar Wed, 26 Aug 2009 18:29:05 +0000 http://www.labs.com/research/blog/?p=821#comment-22709 Dave, This blog is more about search engine abuse and less about social networks. The search results poisoning is addressed with domain and URL reputation products, while the destination of malicious links is covered by anit-virus and host & network intrusion pevention. As far as monitoring social networks, it depends on how heavy handed you want to be. Domain filtering and access controls is one option. AV and NIPS & HIPS is in scope for many attacks as well. DLP does play a role, but that's more about outbound than inbound threats. Dave,

This blog is more about search engine abuse and less about social networks. The search results poisoning is addressed with domain and URL reputation products, while the destination of malicious links is covered by anit-virus and host & network intrusion pevention.

As far as monitoring social networks, it depends on how heavy handed you want to be. Domain filtering and access controls is one option. AV and NIPS & HIPS is in scope for many attacks as well. DLP does play a role, but that’s more about outbound than inbound threats.

]]> By: Dave http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22708 Dave Tue, 18 Aug 2009 17:35:08 +0000 http://www.labs.com/research/blog/?p=821#comment-22708 Craig, Nice blog. But what I want to know is what does McAfee plan to do to address this on the Enterprise level? To date it appears the only thing on the market for monitoring social networks are parental controls software on the desktop. What about an Enterprise solution? Does DLP address some of the concerns? Craig,

Nice blog. But what I want to know is what does McAfee plan to do to address this on the Enterprise level? To date it appears the only thing on the market for monitoring social networks are parental controls software on the desktop. What about an Enterprise solution? Does DLP address some of the concerns?

]]> By: Tricnology http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22706 Tricnology Thu, 26 Mar 2009 13:58:31 +0000 http://www.labs.com/research/blog/?p=821#comment-22706 I guess I clicked on a link in a search and the malware 2009 appeared in my tray. I continued to close them by the x but somehow, it continues to appear. I went into add and remove, it uninstalled but not really. I went into my program files, it denies me access. I us Google for almost everything in my company as well and I have McAfee through Comcast. What should I be searching on, working on and now how is it removed I guess I clicked on a link in a search and the malware 2009 appeared in my tray. I continued to close them by the x but somehow, it continues to appear. I went into add and remove, it uninstalled but not really. I went into my program files, it denies me access. I us Google for almost everything in my company as well and I have McAfee through Comcast. What should I be searching on, working on and now how is it removed

]]> By: Philip Walsh http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22705 Philip Walsh Wed, 04 Mar 2009 11:39:45 +0000 http://www.labs.com/research/blog/?p=821#comment-22705 Because this IS a .exe file - it won’t affect my mac right? Because this IS a .exe file – it won’t affect my mac right?

]]> By: Craig Schmugar http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22703 Craig Schmugar Tue, 03 Mar 2009 04:17:00 +0000 http://www.labs.com/research/blog/?p=821#comment-22703 Anand, Google Trends wasn't manipulated so much as Google's page ranking. Once they were successful at manipulating the page ranking they then went after the most commonly searched terms. As for connecting the dots, there were a couple of elements that lead to the conclusion. 1) The high Google page ranking (which I did not observe with other search engines...the pages are there and indexed, but not placed as high). 2) All the Titles were in lowercase, the same used by Google Trends; and correlating those titles against the Google Trends "Hot" lists. 3) The duplicating of high-ranking content via Google News supported the idea that Google was the target 4) The fact that Google is the search king 5) The apparent lack of equivalent Trending functionality in the other search sites. Other points later supported the idea of Google Trends abuse, such as the stats I posted in my follow-up blog. Anand,

Google Trends wasn’t manipulated so much as Google’s page ranking. Once they were successful at manipulating the page ranking they then went after the most commonly searched terms.

As for connecting the dots, there were a couple of elements that lead to the conclusion.

1) The high Google page ranking (which I did not observe with other search engines…the pages are there and indexed, but not placed as high).

2) All the Titles were in lowercase, the same used by Google Trends; and correlating those titles against the Google Trends “Hot” lists.

3) The duplicating of high-ranking content via Google News supported the idea that Google was the target

4) The fact that Google is the search king

5) The apparent lack of equivalent Trending functionality in the other search sites.

Other points later supported the idea of Google Trends abuse, such as the stats I posted in my follow-up blog.

]]> By: Anand http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22702 Anand Tue, 03 Mar 2009 03:40:40 +0000 http://www.labs.com/research/blog/?p=821#comment-22702 Quite interesting post, of course! I just was checking this out with all different possibilities I could think of. I noticed that the same results occur even when I use the other search engines - MSN, Yahoo. So, how did you conclude that the google trends were manipulated? - just curious to know... Quite interesting post, of course! I just was checking this out with all different possibilities I could think of. I noticed that the same results occur even when I use the other search engines – MSN, Yahoo. So, how did you conclude that the google trends were manipulated? – just curious to know…

]]> By: Sean Sullivan http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22696 Sean Sullivan Thu, 26 Feb 2009 10:32:48 +0000 http://www.labs.com/research/blog/?p=821#comment-22696 Very nice post Craig. Just one note: I blogged that it was "ALMOST too much of a coincidence". I think we agree that there is no direct link between this particular Facebook app and search results. I just don't rule it out completely. Regards, Sean Very nice post Craig.

Just one note: I blogged that it was “ALMOST too much of a coincidence”.

I think we agree that there is no direct link between this particular Facebook app and search results.

I just don’t rule it out completely.

Regards,
Sean

]]> By: Craig Schmugar http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22695 Craig Schmugar Thu, 26 Feb 2009 03:58:49 +0000 http://www.labs.com/research/blog/?p=821#comment-22695 Graham, The link has been updated. Thanks for catching it! Graham,

The link has been updated. Thanks for catching it!

]]> By: Graham Cluley, Sophos http://blogs.mcafee.com/mcafee-labs/google-trends-abused-to-serve-malware/comment-page-1#comment-22694 Graham Cluley, Sophos Thu, 26 Feb 2009 00:35:32 +0000 http://www.labs.com/research/blog/?p=821#comment-22694 Hey Craig. Nice blog entry - makes for interesting reading. Thought you'd like to know that the link about the "red herring" is broken (too many http:'s!!) It should be http://www.sophos.com/blogs/gc/g/2009/02/23/sting-tail-error-check-system-facebook-scare/ Cheers Graham Hey Craig. Nice blog entry – makes for interesting reading.

Thought you’d like to know that the link about the “red herring” is broken (too many http:’s!!)

It should be http://www.sophos.com/blogs/gc/g/2009/02/23/sting-tail-error-check-system-facebook-scare/

Cheers
Graham

]]>