Boulder, CO – October 1, 2008
Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, today announced that it has detected a new technique being used by hackers to lure PC users to fake blog sites containing malware.
"For the first time, hackers are capitalizing on the top news stories from Google Trends Labs, which lists the day’s most frequently searched topics, which can include news of the Wall St. bail out or the presidential campaign," said Paul Piccard, director of Threat Research, Webroot. "These highly relevant news stories and videos are being posted to the hackers’ fake blogs to increase the site’s Google search rankings."
These fraudulent blogs contain several video links about the news story for which the users were originally searching. Once a user clicks on one of the video links, they are prompted to download a video codec that downloads a rogue antispyware program designed to goad the user into purchasing an illegitimate program that may put their personal information and data at even greater risk.
"Placing malware in video links on fake blogs is not a novel approach," explained Paul Lipman, Webroot’s senior vice president and general manager of Consumer Business. "However, the fact that these hackers are now manipulating Google’s methods for relevance to increase the ranking of these sites is new and greatly increases the number of people exposed to this threat."
Webroot recommends several steps to users to prevent this type of malware attack:
- Always have a current version of antispyware, antivirus and firewall product;
- Never download free product or purchase them from unknown Web sites and vendors, or peer to peer networks;
- Download videos and other multimedia files only from known and trusted Web sites or blogs;
- Make sure the computer is up-to-date by always installing the latest Microsoft or Apple security updates; and,
- Use a credit card that has sufficient fraud protection when shopping and never use a debit card online.
©2014 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.