news March 29th, security researchers Danche · Danchev (Dancho Danchev): a case report of network attacks earlier this month has spread to about 1000000 pages, including some well-known Web site.
according to foreign media reports, dantchev Friday said in a blog: "the attack" and affected the popularity of the site has gone up." According to him, the attack by the well-known sites, including USAToday.com, Target.com and Walmart.com, etc..
at present, the network attack the manufacturer has not yet break the server, but he uses the web page programming error will be malicious code embedded in the search results related to the site’s internal search engine.
Following the implementation of the attack path
attackers: an attacker using internal site search engine search for a popular keywords, such as "Paris · Hilton, however, a HTML instruction is bound to the search results. In this way, the affected users in the open "problem" search results, the framework of embedded browser will open a victim in the background is not aware of the window (iframe), and the directional access path to a malicious web site, access to the malicious web site will install some fake anti spyware software or Trojan software in Zlob the victim computer.
in order to improve the ranking in Google search results, some sites will usually save the search results, and submit it to Google search engine. And when the user uses Google keyword search, the search results have been automatically pop up, part of the search results have been bound to malicious code.
"malicious attacker will internal site search results after the binding of malicious code, the search results will be added to the cache of Google search engine, and the link may even enter Google’s top ten search rankings, and click on all relevant search results the user may move." Danchev said in an interview.
he said he believed that after the attacker’s approach to bind the malicious code has reached more than 1 million pages.
attacker submitted with malicious scripts, the more keywords, the more pages containing keywords, search sites related to the ranking of the more forward." Danchev said. This means that users click on some well-known Web site hosting search results are also likely to open a malicious web page.
Danchev believes that the site to increase the search engine site search request monitoring, the results will be included in the malicious code filtering, which can greatly reduce the impact of such attacks.
more malicious hackers are looking for ways to install malicious code to some well-known sites with high reputation, security vendors found in the monitoring in recent weeks, hundreds of thousands of "the similar attacks were tampered with.