Google has just purged its index of thousands of malware sites that were being displayed in results lists for hundreds of innocuous search phrases. It’s a quick end to a huge attack that could have caused a global uproar.
The criminals registered tens of thousands of domain names and set up servers, almost all within the last few days. The web sites were seeded with innocuous text so they would appear legitimate to a crawling indexer from Google, and the bad guys used various technical tricks to move them to the top of search results for phrases like “Christmas gifts” and “hospice.”
If you clicked through to one of the malware sites, various bad things would happen to your computer if it did not have all its security patches. Even if you were patched up to date, one variation would prompt you to install a “video codec” or “ActiveX object” supposedly required to view something on the page – a lie, of course. Remember, all your security precautions are for naught if you click OK and install something evil voluntarily! You can see screenshots of how the Google results appeared and what you might see at one of the malware sites here at Sunbelt Software, one of the firms that uncovered the attack.
There’s speculation that this was the handiwork of the “Russian Business Network,” highly organized, very bad people suspected of being behind a fair amount of the worst high-tech things going on – spam, child pornography, malware, phishing, cybercrime, and denial-of-service attacks.
When Google removed the sites from its index, it apparently foiled the attack, described by one security researcher as “fairly epic.”
Here’s an article with some background about the attack and Google’s response.