How RogueAV does search engine optimization

Discussion in 'malware problems & news' started by MrBrian, Jun 28, 2010.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for posting!

    This is easy to test (if you are set up to do so):

    1) Copy/Paste the link from the Search page directly into the browser navigation bar. You get directed to the normal web site.

    2) Click on the link in the Search page and the referrer information takes over, triggering the redirection exploit to the Rogue web site.

    Once redirected, the cybercriminal's web sites seem to use social engineering tactics these days as much as, if not more than, the drive-by download for this Rogue stuff, as in the example in Bojan's Diary.

    Strangely, there would seem to be a higher rate of return, if you will, with social engineering tactics, since the drive-by download these days requires continuous updating of the exploits contained in the various exploit kits, due to more frequent and quicker patching of vulnerabilities, especially Adobe -- the PDF exploits being some of the most used today.

    In other words, vulnerabilities in "user's thinking" are more exploitable than vulnerabilities in software!

    ----
    rich
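
Added example, not part of the original thread: a site owner's check for the referrer-dependent behaviour Rmus describes, requesting the same URL once as a typed-in visit and once with a search-engine Referer, then comparing the answers. The Referer value, the function names and the `.example` hosts are assumptions, and the two `fake_*` fetchers are constructed stand-ins so the check runs without network access.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumed sample Referer imitating a click from a search results page.
SEARCH_REFERER = "https://www.google.com/search?q=example"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx response instead of following it

def http_fetch(url, referer=None):
    """Live fetcher: returns (status, Location header or None, body bytes)."""
    req = urllib.request.Request(url, headers={"Referer": referer} if referer else {})
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=10) as r:
            return r.status, None, r.read()
    except urllib.error.HTTPError as e:  # unfollowed 3xx responses arrive here
        return e.code, e.headers.get("Location"), e.read()

def check_referrer_cloaking(url, fetch=http_fetch):
    """Request url as a typed-in visit and as a search click; compare the answers."""
    d_status, d_loc, d_body = fetch(url)
    s_status, s_loc, s_body = fetch(url, SEARCH_REFERER)
    site = urlsplit(url).hostname
    # Strong signal: a redirect to another host that only search visitors receive.
    if s_loc and s_loc != d_loc and urlsplit(s_loc).hostname not in (None, site):
        return "off-site redirect only with search referrer: " + s_loc
    # Weaker signal: dynamic pages can differ between any two requests.
    if d_status != s_status or d_body != s_body:
        return "response differs by referrer (check for script or meta redirect)"
    return "consistent"

# Constructed stand-ins for a compromised and a clean site.
def fake_compromised(url, referer=None):
    if referer and "google." in referer:
        return 302, "http://rogue-av.example/scan", b""
    return 200, None, b"<html>normal page</html>"

def fake_clean(url, referer=None):
    return 200, None, b"<html>normal page</html>"

if __name__ == "__main__":
    print(check_referrer_cloaking("http://site.example/page", fake_compromised))
    print(check_referrer_cloaking("http://site.example/page", fake_clean))
```

Calling `check_referrer_cloaking(url)` with no second argument uses the live `http_fetch`; it only sees HTTP-level redirects, so a differing body still needs manual inspection.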
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Part 2

    You're welcome :).
     