Cybercriminals use fake search engines to spread malware

Cybercriminals have moved on from search engine optimization techniques and are now creating fake search sites designed solely to direct Web surfers to pages hosting malware, Panda Security warned on Wednesday.

Previously, attackers resorted to sending e-mails with malicious code in attachments and with links to malicious Web sites and took measures to push those Web sites higher in search engine rankings. Now, they're also creating fake search engines that are showing up in Google search results, according to a PandaLabs blog posting.

When people use the engines to search for popular terms, like "flu statistics," the results displayed redirect to porn sites that purport to show video but require the visitor to install what they say is the latest version of a video player but which instead is malware, the post said. Searching on the fake search engines for security topics leads to fake antivirus sites, PandaLabs said.

One of the fake search engines has received about 195,000 visits, according to the post.

Web surfers should use reputable search sites to protect themselves, PandaLabs recommends.

This screenshot shows results on a fake search engine that redirects visitors to sites hosting malware, according to PandaLabs.

(Credit: PandaLabs)

[beat_elite]

and how exactly do you find a fake search engine in the first place? all the ads i see online are mostly mmo advertisements.

[Vegaman_Dan]

Fake search engines are found on a variety of sites. It just takes a link on a site that gets listed on Google.

You search for Hot Wheels and some malicious site creates an interim site that has Hot Wheels in the headers or on the page itself, then just include a hyperlink of a cached search or link to what looks like a search engine. The effect is that you type in Hot Wheels in Google, it gives you a list of sites with those words and that page may have a lnk on it for a search result that is fake.

[t8]

Fake search engines will mean that people will be careful who they search with and this will probably play to Google's favor.

[Seaspray0]

What I can't figure out is that the criminals are operating out in the open. The website and IP address are owned by someone. Why aren't they being arrested?

[Vegaman_Dan]

@Seaspray wrote:

"Why aren't they being arrested?"

That becomes the problem. They operate these interim sites that have the search engine links on them. It's not illegal to have a site that has links on it. It's how Bittorrent sites operate now- they don't have the actual content, just some pointers to it. As a result, the interim site is not responsible for where that link might go. That site itself does not actually compromise the user's system.

As long as they continue to use the interim site that gets hit by search engines, they are somewhat insulated against legal action.

[monkeyfun14]

Which is the issue with these technicalities.

[monkeyfun14]

"When people use the engines to search for popular terms, like "flu statistics," the results displayed redirect to porn sites that purport to show video but require the visitor to install what they say is the latest version of a video player but which instead is malware, the post said. Searching on the fake search engines for security topics leads to fake antivirus sites, PandaLabs said."

At that point your really just asking for it. If your looking up something like flu statistics and it takes you to a porn site wouldn't most people realize something is up with this search engine close the page and find a new one?

[jminkler]

Isn't that a picture of a parked site? Sure it's malware, but classifying it as a "Search Engine" ? Come on Panda ...

[setjeff15081947]

Ever been directed to a fake search engine on a newspaper's front page? A magazine with an E-mail containing Mal-Ware? A bound book with a Phishing Scam? When was the last time Random House released an operating system with security holes? "Thou shalt reap what thee hath sown!"

Luddite Here ... and yet, here I is on the Cnet website. Go figure ... ???