Search for snow conditions drew virus attack
Gillian Shaw
Sun
Web surfers checking the snow report for Cypress Mountain are the latest target of Google poisoning in which fraud artists get their malicious Web site close to the top of search engine rankings.
Lauri Sawka, who runs the outdoor education program at Notre Dame regional secondary school, was searching for the Cypress snow report this week to prepare for a school snowshoeing trip when instead she found herself fighting off an attack on her computer.
“There were a couple of sites that didn’t give me what I needed so I went to another, it was about fifth down the list in Google,” she said. “I clicked on it and a big red sign came up and it was flashing ‘alert.’
“It said there were viruses on my computer — something like 137 viruses — and it started running.”
A worried Sawka went to find physics teacher Peter Vogel, head of Notre Dame’s Information and Communications Technology, who recognized what the site was attempting and contacted The Vancouver Sun with the warning.
“It’s the first experience I’ve had with local content being used for Google poisoning,” Vogel wrote in an e-mail. The elaborate poisoning scheme, which uses Google, other online search engines and even online ads, lures people into clicking on links that take them to malicious Web sites.
Once there, the unwary surfers can have their computers taken over by the cybercriminals and to add insult to injury, many are convinced to pay $60 for bogus virus protection. Plus the attackers install keystroke loggers to collect banking information, passwords and other critical information which they then sell or use to bilk their victims of more money.
The practice is not new but it was likely Cypress Mountain caught the attention of the schemers because it is the 2010 venue for the freestyle and snowboarding events and recently hosted pre-Olympic competitions. The people behind the attacks, thought to be mostly located in Russia and China, are constantly adding new Web sites as earlier ones are shut down and they follow the news to come up with search terms likely to be popular at any given time.
“They try to create a situation in which whatever people are searching for there is a good chance their lure site will come up on the first page of the search results,” said Roger Thompson, chief research officer for anti-virus and security company AVG. “Their goal is to get their page ranked high enough so it will come up preferably in the top 10 when somebody searches for something.”
Asked about Google poisoning, Google spokeswoman Tamara Micner wrote in an email: “We work hard to protect our users from malware. Many of these results have been removed from our index. However, this issue affects more than just Google, as these sites are still part of the general web. In all cases, we actively work to detect and remove sites that serve malware from our index.”
– – –
VACCINES AND ANTIDOTES FOR ONLINE POISON
While Roger Thompson is with the security software company AVG, which has a popular free anti-virus software as well as a more complete paid Internet security software, he says regardless of what software you choose, it should offer layers of protection:
– A link scanner that blocks sites that could turn up in Google searches but which are recognized by the software as poisoned search results
– Traditional anti-virus scanner
– Identity protection, so if malicious software manages to evade detection through the other systems and starts logging keystrokes or doing other suspicious activity, it would be removed from your computer.
© Copyright (c) The Vancouver Sun
