PandaLabs has analyzed the malicious URLs that hackers have positioned on the Internet over the last three months to trick users into downloading malware or to steal their bank details directly.
Every week, hackers are creating 57,000 new Web addresses which they position and index on leading search engines in the hope that unwary users will click them by mistake. Those who do will see their computers infected or any data they enter on these pages fall into the hands of criminals. To do this, the hackers use an average of 375 company brands and names of private institutions from all over the world, all of them instantly recognizable. eBay, Western Union and Visa top the rankings of the most frequently used keywords, followed by Amazon, Bank of America, PayPal and the US revenue service.
These are the conclusions of a study carried out by PandaLabs, Panda Security’s anti-malware laboratory, which has monitored and analyzed the major Black Hat SEO attacks of the last three months.
Some 65% of these fake websites are positioned as belonging to banks. For the most part, they pose as banks in order to steal users’ login credentials. Online stores and auction sites are also popular (27%), with eBay the most widely used. Other financial institutions (such as investment funds or stockbrokers) and government organizations occupy the following positions, with 2.3% and 1.9% respectively. The latter is largely accounted for by the US revenue service or other tax collecting agencies.
Payment platforms, led by PayPal, and ISPs are in fifth and sixth place, while gaming sites, topped by World of Warcraft, complete the ranking.
Whereas in previous years malware or phishing was typically distributed via email, in 2009, and particularly this year, hackers have opted for Black Hat SEO (BHSEO) techniques, which involve creating fake websites using the names of famous brands, etc.
This way, when users search for these names, a link to the malicious website will appear among the first results returned. When they visit these sites, one of two things will happen: either malware will be downloaded onto the user's computer, with or without their knowledge, or the website will spoof the appearance of a genuine page (a bank's, say) and users will unwittingly enter their details, which will then fall into the hands of criminals.
According to Luis Corrons, Technical Director of PandaLabs, “The problem is that when you visit a website through search engines, it can be difficult for users to know whether it is genuine or not. For this reason, and given the proliferation of this technique, it is advisable to go to banking sites or online stores by typing in the address in the browser, rather than using search engines which, although they are making an effort to mitigate the situation by changing indexing algorithms, cannot fully evade the great avalanche of new Web addresses being created by hackers every day”.
Since 1990, PandaLabs’ mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs (pandasecurity.com) has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model which can even detect malware that has evaded other security solutions.
Currently, 99.4% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.