SEO techniques dominate Web attacks

CIOL Bureau

NEW DELHI, INDIA: The malicious use of search engine optimization (SEO) techniques dominated Asia’s web attacks in Q1 2010, according to data collected by Trend Micro TrendLabs from January to March. In APAC, malware continued to arrive on systems primarily via Internet download, as files dropped by other malware, or via removable drives.

According to a Trend Micro press release, cybercriminals exploited hot topics and manipulated search results to deliver several FAKEAV variants to target systems. While blackhat SEO is not an entirely new technique, leveraging keywords related to trending issues remains an effective tool for malware propagation.

Among the APAC-related events used to lure users into clicking malicious links were news of the Philippines’ 6.0-magnitude earthquake, Filipino-Australian actress Anne Curtis’ wardrobe malfunction, and the boxing match between Manny Pacquiao and Joshua Clottey. In all three attacks, the compromised search results led to the download of malware posing as antivirus software. The end goal of all three attacks was to trick users into purchasing the rogue AV product.

Apart from the continued proliferation of FAKEAV, botnets made up of compromised systems continued to grow in size. Cybercriminals use botnets to further their malicious activities: stealing information, sending spam, and enabling remote users to gain access to infected systems. Several botnets made the news this quarter, with the notorious KOOBFACE resurfacing to make the headlines. Unlike previous attacks, which used bogus YouTube pages, the recent incident redirected victims to a misleading site named YuoTube, which prompted users to download the malware disguised as an Adobe Flash Player file. Another botnet that rose to fame this quarter was an old-school network botnet primarily targeting vulnerable DSL modems and routers. Dubbed the “Chuck Norris Botnet”, it propagates by spreading a worm that has backdoor capabilities.

The first quarter of the year was likewise marked by several vulnerability exploits, beginning with the much-publicized HYDRAQ attacks tied to an Internet Explorer (IE) vulnerability. A known flaw in Adobe Acrobat and Reader was also exploited by malicious attachments in spammed messages that appeared to target interested participants of the Shanghai Expo.

Instead of simply targeting individual users, however, cybercriminals also targeted organizations to obtain several login credentials at once. This quarter, China’s largest search engine, Baidu, was reportedly the victim of a Domain Name System (DNS) hijacking attack primarily staged by to obtain the login credentials for its registrar account.

Apart from these web-based threats, autorun malware carried by removable drives continued to be prevalent in APAC as well, as seen in the number of malware that use removable or physical drives as infection vectors. However, the current trend appears to be the use of not just a single infection vector, but several vectors in a single attack. The attacks are likewise becoming increasingly targeted in nature.

At present, shared networks continue to be the popular choice. However, considering that sensitive information is continuously falling into the wrong hands because of cybercriminal attacks, cloud computing security is a smart alternative that could help prevent compromised networks. “Blackhat SEO techniques and exploitation of vulnerabilities share the same idea: it all comes from user behaviours,” explained Amit Nath, Country Manager, India & SAARC, Trend Micro. “Incidents that have happened in the US could be in Asia sooner or later, the possibility is still out there.”
