
Re: Worm produces false Google SERPs

__/ [Mikkel Moldrup-Lakjer] on Monday 19 September 2005 16:31 \__

> Roy Schestowitz wrote:
>> 
>> It only comes to show how fragile the browser is. Although I have not
>> read any of the articles in depth, I can imagine that a good kernel would
>> never allow this. How can an actual browser be /injected/ with data? What
>> would be the purpose of allowing this? It's the equivalent of me stashing
>> my laundry in somebody else's apartment, coming back days later to find
>> that it was washed by accident.
> 
> The article I linked to says:
> "Even users who mistype the www.google.com address are redirected to the
> fake site, which also supports the same range of languages as
> Google.com. This redirection is achieved by modifying the hosts file in
> the infected computer's operating system, which is a kind of address
> book used to quickly connect the browser to Web sites."
> 
> However, earlier in the article it is explained that the modification
> of the browser is achieved by deceiving users into installing a small
> program they believe is a free Star Wars game...
> 
> So it would seem that explains it? The user has to willfully install the
> worm.


Good investigative work collecting the appropriate bits...

I would now safely blame that opaque Registry mechanism. Doesn't it use some
mechanism for "trusted sources" or the like? I am not sure the users are
part of the problem (for willingly giving the worm a 'home'). That worm
could identify itself as anything it wishes. The O/S must assume that
malice exists too.


> What impresses me is the boldness of the people using dirty tricks in
> this case. And the fact that Adsense money is so big now, that it can in
> itself be the motive of creating a worm or a virus.
> 
> It should be extremely easy to crack down on all the firms/advertisers
> who benefit from the worm by getting their Adwords ads on top of the
> SERPs. And/or to crack down on the people managing the server in
> Germany. Maybe they just figured they could make enough money before
> getting caught, making it worthwhile.
> 
> Mikkel

[referring to my earlier point]

Do you reckon they have laundered their money yet?

Roy

-- 
Roy S. Schestowitz      | Useless fact: ~70% of organisms are bacteria
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  8:30am  up 25 days 20:44,  3 users,  load average: 0.13, 0.29, 0.56
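
Added example, not part of the original post or of the article quoted in it: a defensive check for the hosts-file redirection the quoted article describes, flagging entries that pin a watched name, or a mistyped variant of it, to a routable address. The watched list, the typo threshold, the function names and the sample hosts text are assumptions made for illustration.

```python
import ipaddress

WATCHED = {"google.com", "www.google.com"}  # assumption: names worth protecting

def edit_distance(a, b):
    """Levenshtein distance, used to catch mistyped variants of watched names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED, max_typos=2):
    """Return mappings that send a watched name, or a near-miss of one, to a routable IP."""
    hits = []
    for no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name rather than redirect it
        dist = min(edit_distance(name, w) for w in watched)
        if dist <= max_typos:
            hits.append((no, str(ip), name, "exact" if dist == 0 else "lookalike"))
    return hits

# Constructed sample; 203.0.113.0/24 is a documentation range (RFC 5737).
SAMPLE = """\
127.0.0.1      localhost
203.0.113.7    www.google.com google.com   # constructed hijack entry
203.0.113.7    www.gogle.com
0.0.0.0        ads.example.net
192.168.1.10   fileserver.lan
"""

if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE):
        print(hit)
```

To audit a real machine, pass the contents of its hosts file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`) to `suspicious_entries` in place of `SAMPLE`.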
