Malicious Websites Plague Ledger Search Results

By Greg McNevin

January 25, 2008: It hasn’t taken long for cyber criminals to launch a range of exploits playing off the death of Heath Ledger, with a myriad of malicious websites already popping up in an attempt to hijack search results and the PCs of web surfers shocked by the news.

Trend Micro is warning that millions of people around the world searching for information on the Australian star are at risk as malicious websites infiltrate legitimate search engine results.

Discovered by Trend Micro research project manager Ivan Macalintal within hours of the tragic news, the malicious websites resemble those that plagued Google’s results late last year, turning up when users use search terms such as “heath” and “ledger”.

As happened last year, and again recently when malware authors took advantage of the death of Benazir Bhutto, users who click a bad link are automatically redirected to another site that requires them to download a “new version of ActiveX Object.”

This begins a series of redirections that end in the download of different malicious files such as TROJ_RENOS.LZ and WORM_NUCRP.GEN, according to Trend Micro.

“Piggybacking on newsworthy events is not new,” writes Trend Micro’s Bernadette Irinco on the security firm’s official blog. “In this case, malware authors simply used news of Ledger’s death to jumpstart massive redirections as they know many people are wont to do searches on this hot news item.”

Irinco does note, however, that there seems to be a bigger story behind this particular attack.

“Upon deeper analysis, researchers find reason to believe that these malicious URLs are among those resulting from the suspected hacking of Web servers of a certain Czech hosting provider,” writes Irinco. “Hacked sites residing in these servers carry a malicious JavaScript code, which, when accessed, follow the same redirection algorithm as the Heath Ledger links.”

The firm says it has initiated communication with the Czech CERT, and adds that in the meantime users can use its threat protection to secure themselves.
