Attackers are now using the research of distributed malware Google images, say security experts. Thousands of sites have been compromised by the injection of code - malicious code will redirect users to fake anti-virus applications.
Internet Storm Center researcher Bojan Zdrnja writes that attackers primarily target sites Wordpress and PHP code that generates pages with images based on the highly searched content injection. Google then indexed these pages and images appear on the Google image search.
Hack of the image is very widespread and effective
Researchers image can be redirected to these false antivirus sites, with Google images displays when you click it, Zdrnja wrote in a blog note this week. At least 5 000 sites have been compromised, and Google may be serving up to 15 million visits per month to these malicious pages.
Researcher in Russian security Denis Sinegubko, said that, in about 90 per cent research compromised image, results of malicious Web sites appear on the first page.
"The main problem is not that cybercrooks succeeds in seriously poison Google Image search results, but the fact that many people click on these results and get exposed to malicious content," Sinegubko wrote on the blog of Parasites from uncovering Thursday.
Google improving detection
Google said it is aware of the problem and made an effort to detect the malicious pages. He would not detail its plans for fear that attackers can adjust their methods to work around the efforts of the company. Sinegubko is also developing an add - on for Firefox that will alert you to the users of these links.
Efforts are already underway to protect users from Google on the side of the web search: Google has added alerts to the sites potentially pirated in December of last year, and browser of Google's Chrome blocks potentially dangerous downloads. For some reason, the Google image search is not protected.
What can you do while waiting for you to protect if you feel that you have visited a malicious site via Google Images? Security experts recommend not to try to click your way out of it. Instead, quit the application in browser using Ctrl-Alt-Delete.
No comments:
Post a Comment