Morphing PDFs in new SEO poisoning trick

Posted by   Virus Bulletin on   Mar 5, 2010

Harmless documents replaced by web pages containing malicious code.

Researchers at F-Secure have discovered a new SEO poisoning trick in which attackers put harmless PDFs on a website to raise the site's profile in web searches but, after the site has been indexed by search engines, replace the PDFs with web pages containing malicious Flash code.

SEO poisoning is a popular trick among malware authors in which they try to get their malicious sites ranked at or near the top of search engine results, often on searches for key hot topics. In this case, surfers searching for ice hockey players were led to URLs containing apparently harmless PDF documents.

After some time had passed, the crooks replaced the innocent PDFs with web pages containing malicious Flash code which, if executed, would install rogue anti-virus software on the user's computer.

Google and other search engines work hard to keep their results clean and accurate but those with bad intentions are always a step ahead; VB advises users always to exercise caution when visiting links in search results.

More at F-Secure's blog here.

Posted on 05 March 2010 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

NCSC gives important advice on lateral movement

The UK's National Cyber Security Centre (NCSC) has provided helpful and practical advice on preventing and detecting lateral movement by an attacker within a network.

What kind of people attend Virus Bulletin conferences?

If you are considering submitting a proposal for a talk to VB2018 and you're not familiar with the event, you may find it useful to know what kind of people attend the conference.

Olympic Games target of malware, again

An unattributed malware attack has disrupted some computer systems of the 2018 Winter Olympics. In 1994, a computer virus also targeted the Winter Olympics.

There are lessons to be learned from government websites serving cryptocurrency miners

Thousands of websites, including many sites of government organisations in the UK, the US and Sweden, were recently found to have been serving a cryptocurrency miner. More interesting than the incident itself, though, are the lessons that can be…

We need to continue the debate on the ethics and perils of publishing security research

An article by security researcher Collin Anderson reopens the debate on whether publishing threat analyses is always in the public interest.