Hackers Create 57,000 Fake Web Addresses To Trick Or Infect Users – Every Week!

Every week, hackers are creating 57,000 new Web addresses which they position and index on leading search engines in the hope that unwary users will click them by mistake. Those who do, will see their computers infected or any data they enter on these pages fall into the hands of criminals.

To do this, they use an average of 375 company brands and names of private institutions from all over the world, all of them instantly recognisable. eBay, Western Union and Visa top the rankings of the most frequently used keywords; followed by Amazon, Bank of America, Paypal and the US revenue service.

These are the conclusions of a study, which has monitored and analysed the major Black Hat SEO attacks of the last three months.

Some 65% of these fake websites are positioned as belonging to banks. For the most part, they pose as banks in order to steal users’ login credentials. Online stores and auction sites are also popular (27%), with eBay the most widely used. Other financial institutions (such as investment funds or stockbrokers) and government organisations occupy the following positions, with 2.3% and 1.9% respectively. The latter is largely accounted for by the US revenue service or other tax collecting agencies.

Payment platforms, led by Paypal, and ISPs are in fifth and sixth place, while gaming sites – topped by World of Warcraft- complete the ranking.

Just as in previous years malware or phishing was typically distributed via email, in 2009 and particularly this year, hackers have opted for BHSEO techniques, which involves creating fake websites using the names of famous brands, etc.

This way, when users search for these names, a link to the malicious website will appear among the first results returned. When they visit these sites, one of two things will happen: either malware will be downloaded onto the user’s computer, with or without their knowledge, or the website spoofs the appearance of a genuine page, a bank say, and users will unwittingly enter their details which will fall into the hands of criminals.

The problem is that when you visit a website through search engines, it can be difficult for users to know whether it is genuine or not. For this reason, and given the proliferation of this technique, it is advisable to go to banking sites or online stores by typing in the address in the browser, rather than using search engines which, although they are making an effort to mitigate the situation by changing indexing algorithms, cannot fully evade the great avalanche of new Web addresses being created by hackers every day.

Luis Corrons has been working for Panda Security since 1999. He started in the technical support department, helping home and corporative users with virus incidents. A year later, he joined the international technical support team assisting Panda's technical support belonging to their partners distributed over 50 countries around the world. In 2002, he became PandaLabs' director as well as malware alerts coordinator in worldwide infection situations, dealing with worm such as Klez, SQLSlammer, Sobig, Blaster. Sasser, Mydoom, etc. During this time, he has coordinated several automated projects related with malware, such as the automatic analisys and response system, and the malware automatic information system. His first contact with computers was at the age of 4, with a Sharp MZ-80K, which he started Basic language programming with. His main hobbies are his wife Nerea, his dog Robin and his work as well as chess and videogames.