Tuesday, December 15, 2009

Boeing 787 Searches Hijacked by Rogue AV


Today, the Boeing 787 Dreamliner jet completed its much-awaited first flight. As users searched for videos and news articles related to the story, blackhats quickly moved in for yet another attack against Google search results.

The most popular search for several hours today was “787 first flight video”. This search and related searches are saturated with malicious results leading to rogue AV and potentially other malicious payloads.

At peak hours, 5 out of the first 9 results led to malicious payloads, with users pushed through a series of redirect pages to different distribution points.



While the distribution points and payloads varied, their effectiveness did not. Most sites were undetected by Google Safe Browsing, and the malicious payloads they delivered had very low anti-virus detection rates.

This latest attack is nothing new, but it is shocking how quickly and effectively cybercriminals are able to react to the latest news trends. In this particular attack, the dangerous top results seemed to be compromised sites with existing reputations, which makes detection much more difficult.
