News Categories
(34)Malware (39)Malicious emails (11)Web 2.0 (24)Facebook (22)Social Networks (44)Spam (2)Defensio (1)Comment Spam (15)Phishing (9)Web spam (4)Click-jacking (38)Compromise (20)Analysis (38)Exploits (14)Research (3)Presentations (3)Conferences (4)security conference (9)Mass Injection (10)Rogue AV (4)Blackhat SEO (2)Neosploit (23)Targeted attacks (7)Video (14)Zeus (5)Microsoft (4)Monthly Reports (1)twitter (3)Google (18)Vulnerabilities (9)Adobe (12)Java (4)Mobile (4)Apple (1)hacked (1)TAB (1)Black Hat USA 2011 (1)Google+ (20)0-day (1)CVE-2010-2884 (1)CVE-2011-1255 (1)Worm (14)Blackhole exploit kit (1)Incognit Exploit kit (2)Tuesday Patch (6)APT (6)Typosquatting (3)Vulnerability Analysis (1)CVE-2011-3402 (4)Web Research (4)Predictions (3)Adult (5)News (3)Black Hat SEO (6)Data loss (8)Scam (1)QR codes (6)Twitter (1)CVE-2012-0003 (1)CVE-2011-3389 (1)CVE-2012-0004 (1)Phoenix Exploit Kit (1)CrimePack (3)Reverse Engineering (2)Captcha (1)Valentine's day (2)Kelihos (1)SC Magazine Award Winner (1)Wordpress (1)MS12-010 (1)CVE-2012-0002 (1)Infosec (2)CVE-2012-0507 (8)Toolkits (1)Skywiper (2)Flame (1)Flamer (2)Passwords (1)freedom of expression (1)censorship (2)Plugins (3)Malvertising (14)Exploit (1)CVE-2012-1723 (1)CSI (2)ThreatSeeker (2)Adventures in Spam (1)CVE-2012-4681 (1)LBS (2)RAT (1)module Apache/2 (1)Cyber Monday (1)Black Friday (1)Pastebin (4)CVE-2012-4792 (1)iPad (1)super bowl (1)iPhone (2)iOS (4)Spear Phishing (1)Threat Report (3)ThreatScope (1)Dynamic DNS (1)China (1)SSL (1)APT1 (2)DLP (3)Hack (1)CVE-2012-4969 (2)threat lifecycle (1)ThreatSeeker Network (1)ACE (10)exploit kit (1)blackhole (2)Black Hole (1)DNS poisoning (1)RedKit Exploit Kit (4)exploit kits (1)threat stages (1)Certificates (1)Topical (1)Waterhole (1)CVE-2013-2463 (1)Neutrino exploit kit (1)CVE-2013-2473 (1)CVE-2013-3893 (2)Collective Threat Intelligence (1)CVE-2013-3963 (1)Targeted Attack (3)Advanced Malware (1)CVE-2013-3897 (1)Tor (5)cyber-crime (1)Mevade (2)Ransomware (3)Social Engineering (1)CookieBomb (2)LinkedIn (1)CVE-2013-3906 (2)Pony (3)Cryptolocker (2)Upatre (1)application telemetry (1)meta-data (3)dr. watson (1)windows error reporting (1)big data (2)data theft prevention (1)DTP (1)telemetry (2)CVE-2014-0322 (2)MSIE 0-day (1)Deputy Dog (1)Ephemeral Hydra (1)CVE-2013-0074 (1)CVE-2013-3896 (1)Silverlight (2)crash reports (1)POS (1)anomaly detection (1)goon (4)angler (1)ru:8080 (1)magnitude (3)flash (1)CVE-2013-2465 (1)malicious iframes (1)FIESTA (1)Exploits Kit (1)iframe (3)CVE-2014-0160 (2)OpenSSL (3)Heartbleed (3)Citadel (2)CVE-2014-1776 (1)VGX.DLL (1)necrus (1)cutwail (2)gameover (3)vulnerability (3)zbot (1)control panel (1)carberp (1)zberp (1)Caphaw (2)Nuclear exploit kit (1)Shylock (1)Dragonfly (1)Zeus PIF (1)bitly (1)fraud (2)RIG Exploit Kit (1)POS malware (1)Point Of Sale Malware (1)Ukraine (1)Russia (1)Shellshock (1)CVE-2014-6271 (1)poodle (1)cve-2014-3566 (1)sslv3 (1)Ebola (1)CVE-2014-4114 (1)CPA (1)Regin (1)CVE-2015-0311 (1)CVE-2015-0235 (1)linux (1)GHOST (1)CVE-2015-0072 (1)Internet Explorer (1)XSS (1)IE (1)TorrentLocker (1)Product Information (1)Money Laundering (1)APSA10-05 (1)Skype spam
RSS Feed
London Olympics Search Results Lead to Objectionable Sites
Posted by Elisabeth Olsen on 10 August 2012 10:28 PM


We’ve previously blogged about Olympic ticket scams, phishingmalware designed to propagate through social networking, and other Olympic security concerns


We also know that hackers take advantage of people searching for breaking news and trending topics about the Olympics through various SEO poisoning techniques. When Georgian luger Nodar Kumaritashvilii died in a tragic training accident just before the Vancouver Olympics in 2010, multiple malware pages quickly appeared in the top search results. Clicking these links led to pages that included pop-up warnings telling the user to click a button to view a video or to clean up computer problems. Of course, clicking led to malware attacks.


SEO poisoning remains a problem, but Google seems to have a better handle on it where searches related to the London Olympics are concerned, at least in English. When we started using Russian search terms, however, things deteriorated quickly. Using the Russian translation for "watch 2012 Olympics online", we did a Google search and clicked on the second item:





While the domain itself is correctly categorized as sports, it's clear some objectionable content is popping up in the ads:




In addition, clicking on the page redirects to various questionable places, including information on how to control men:



In another investigation, Websense® researchers analyzed Twitter traffic based on popular Olympics-related terms, events, and athletes starting two days before the Opening Ceremony through August 8th. Not surprisingly, traffic peaked on the day the Games opened, and three days later when Olympians Tom Daley, Michael Phelps, Ruta Meilutyte, and Maria Sharapova topped the Google trends.



Looking more closely at the data, we found that a handful of Twitter feeds from certain athletes and teams were posting shortened URLs which redirected to Objectionable or Security categories, including Malicious Web Sites and Malicious Embedded Link:



We took a sample set of 3600 of these, unshortened them, and analyzed the category breakdown:



Websense customers are protected from these threats by our Advanced Classification Engine™ (ACE). 



Read more »

Buyers beware—of Olympic scams
Posted by RM on 02 February 2012 12:36 AM

Shady ticket deals for the 2012 London Olympics? Hardly surprising. But when the source is Google's famous AdWords advertising serviceone of the internet giant's main sources of incomethen a double take might be in order.


A BBC investigation found that a Google search for "olympic tickets" resulted in top-of-the-page placement of sponsored sites for vendors selling tickets without permission from Olympic authorities, which is a criminal offense in the U.K. under the London Olympic Games and Paralympic Games Act 2006.


Our research confirmed that the Google search shown below displays an AdWords link




that is not authorized to sell Olympic tickets according to the ticketing website checker on the official London Olympics website.



The prominent display of sponsored ads tends to confer on them a sense of legitimacy. Users may assume that Google has approved the businesses, or at least stands behind them in some way. But in response to a complaint from a would-be Olympic ticket purchaser, Google said, "While Google AdWords provides a platform for companies to advertise their services, we are not responsible for, nor are we able to monitor the actions of each company."


The inner workings of AdWords are complex and opaque. These qualities are essential, because if Google revealed its algorithms, for example, people could easily cheat their way to the top. While the automated system does take into account something called "Quality Score" and consumer ratings, it's clearly not foolproof. A filtering system flags certain keywords for manual review and removal if the ad is found to violate Google's policies, and users can also fill out an online complaint form. Due to the volume of ads, however, a questionable ad may be up for some time before it is reviewed.


Websense® researchers investigated some of  the Olympic ticket scam sites. We found that most of them had multiple backlinks, suggesting they have been widely spammed over the internet in addition to being promoted via Google AdWords. A "backlink" is a hyperlink that links to a specific web page. Both legitimate web pages and spam URLs often try to set up as many backlinks as possible to drive traffic to their sites, and the number of backlinks a site has may affect its ranking in search engine results. Like the hyperlnks in this post, links can be used to provide additional context, information, or examples.


An examination of these backlinks confirmed that "birds of a [bad] feather flock together." One URL yielded 500 backlinking URLs in categories such as Adult Material, Gambling, Proxy Avoidance, Potentially Unwanted Software, Suspicious Embedded Links, and Malicious Embedded Links.


A set of 375 backlinks for another URL found that 104 (27.73%) included various kinds of objectionable content, including security risks (the remaining URLs either had no backlinks or had backlinks for legitimate sites such as News and Media, Business and Economy, and so on).  The breakdown for objectionable/security risk backlinks was as follows:



A closer look at just one of the backlinks tells us a lot about the dangers of allowing comments that are not moderated to be added to any site. In this case, a perfectly legitimate website for a church posted a video of a Sunday School Christmas play and invited viewers to comment:



Viewers and spammers did exactly that, adding links not only to the Olympic ticket scam we started with, but also to a variety of other completely unrelated businesses which may or may not be legitimate, including German gambling and phone sex sites and an Italian "escort" agency:





Defensio from Websense is one way to prevent spammers from posting such links on blogs and other social media, including Facebook pages. With this service, it's easy to block and manage comments, protecting you and your followers from comment spam, malware, and other threats embedded in user-generated content.


With Google searches as with everything else, do your own "due diligence" before making a transaction, even if the business is at the top of the page. In the case of London Olympics tickets, the official website includes the handy ticketing website checker that we used to determine if a URL is recognized as an authorized vendor. There's also a page about staying safe online, which includes a long list of known scams that will only get longer as the July 27 opening day approaches.


Websense customers are protected from these threats by ACETM, our Advanced Classification Engine.

Read more »