Author Topic: google image hosting malware  (Read 1499 times)

Offline whitetop

  • E = MC² Mad Scientist
  • *
  • Posts: 1910
  • Post quality +39/-12
  • Gender: Male
  • im not in the ass kissing team
google image hosting malware
« on: May 07, 2011, 01:58:06 PM »

   

With searches of the last few days of one person on Google has gave the spammer peeps a new way to high jack your pc and its one of the easiest ways

reports from the web blow:

Attackers are now using Google's image search to distributed malware, security experts say. Thousands of sites have reportedly been compromised by code injection--the malicious code redirects users to fake antivirus applications.

Internet Storm Center researcher Bojan Zdrnja writes that the attackers are mostly targeting Wordpress sites, and are injecting PHP code that generates pages with images based on highly-searched content. Google then indexes these pages, and the images show up on Google's image search.

Image hack is widespread and effective

Image searchers can be redirected to these fake antivirus sites, thanks to Google displays images when clicked, Zdrnja wrote in a blog post this week. At least 5,000 sites have been compromised, and Google could be serving as many as 15 million hits a month to these malicious pages.

Russian security researcher Denis Sinegubko said that, in about 90 percent of the compromised image searches, results from malicious websites appear on the first page.

"The main problem is not that cybercrooks managed to seriously poison Google Image search results but the fact that many people do click on such results results and get exposed to malicious content," Sinegubko wrote to the Unmask Parasites blog on Thursday.

Google in the process of improving detection

Google says it is aware of the problem, and is making an effort to detect malicious pages. It would not detail its plans out of fear that attackers may adjust their methods to get around the company's efforts. Sinegubko is also in the process of developing an add-on for Firefox that will alert users to these links.

Efforts are already underway to protect Google users on the web search side: Google added alerts to potentially hacked sites in December of last year, and Google's Chrome browser blocks potentially dangerous downloads. For whatever reason, Google's image search remains unprotected.

What can you do in the meantime to protect yourself if you feel that you have visited a malicious site via Google Images? Security experts recommend not trying to click your way out of it. Instead, quit the browser application using Ctrl-Alt-Delete.

come to the rite place if you kiss admins as they promote you to admin.

Offline DuctTapedGoat

  • PC Repair Junkie
  • Registered BST
  • Ω Allumnist Ω
  • *
  • Posts: 143
  • Post quality +20/-12
  • Gender: Male
  • I'm a duct-taped goat.
Re: google image hosting malware
« Reply #1 on: May 07, 2011, 03:23:05 PM »
It's a real shame that people are not more educated as far as what to do when they are about to get a computer virus. Any of my clients know, if there appears to be a virus and they don't know the proper action to take, immediately turn off the computer by holding the power button down and bring it to me, or wait for me to get out there.

But, it's simple enough, especially as viruses aren't made like they used to. People don't put pride in their work anymore, says a lot about the generation, really.

That aside though, there is a very simple way to remove "extortionware" (as it's lovingly called). Extortionware is a type of virus/malware that resembles an antivirus in the middle of a scan. It is not installed on your computer, at it's initial point it is just displaying a graphic, waiting on you to click somewhere and activate it, which further compromises your machine.

Immediately on noticing it, Alt-Ctrl-Del and open the Task Manager. Look for the program that is runnings name and write it down (both it's full name listed in the running program's window, the one listed in the Programs tab in Task Manager and the one listed in the Processes tab). Right click the program, and select Go To Process. The process will be highlighted, so right click the highlighted process and select End Process Tree. Not done yet though - there's a few more steps to ensure you're secure. There is a program called CCleaner, it's awesome. Download it, install it, and open it. Click on Options, Advanced, and UNcheck "Only delete files in Windows Temp folders older than 24 hours". Now, use CCleaner to clean your computer of temp files. After it is done, recheck what you unchecked before exiting the program. Next, go to run and type msconfig. Remember when you wrote the name of the program down earlier? Reference back to it. Select the startup tab, and look for the file's or program's name. If you don't see it - good. If you do, uncheck it and hit apply. Now, using the Windows search function, search for the file and program name, including in your search hidden and system files, deleting them and writing down their location on your hard drive. If you are unable to delete the file due to it running, and you are unable to stop it from running by killing the process tree, MBAM has a function called FileAssassin, which can easily delete running programs. Lastly, run RegEdit, and use it's internal search function to look for the file or program you wrote earlier and remove any registry keys that you are 100% positive are keys written by the program in question (after of course, writing down the entire registry key and it's location). When you're finished, run MalwareBytes AntiMalware on a full/complete scan, and then whichever security program you prefer on a full/complete scan and you should be clean of it. After scanning, reboot and check MSConfig's Startup tab again to ensure that it isn't there after the reboot. If it is there again or if you see something that looks completely out of place, repeat all of the steps until it is clean.

The most important tool is a pen and paper, don't forget this, and write everything down and cross reference it via multiple sources. It's a measure twice and cut once kind of thing.

If you aren't sure about the name of a file, application or registry key, you can use google to identify it and ensure that it is a foreign program, and not required for your system to function.

If you aren't confident in what you are doing (as you can make problems worse by messing it up) - take it to someone who is either incredibly fluent with computers or to a tech.


It's relatively simple enough stuff when you know what should be there and what doesn't look like it should be there.
« Last Edit: May 07, 2011, 03:24:28 PM by DuctTapedGoat »

Offline Sammy

  • BST BAN
  • Granny Spanker
  • *
  • Posts: 393
  • Post quality +15/-1
  • Gender: Male
Re: google image hosting malware
« Reply #2 on: May 07, 2011, 06:33:20 PM »
Haha wow when i was at school the other day i was on google images for a project and that scanner thing popped up, but i closed it right when it came up.


Toad: Sam, You sound like your stoned out of your mind lol
Me: :D

Offline geraldrubalcava

  • E = MC²
  • *
  • Posts: 351
  • Post quality +15/-3
  • Gender: Male
  • Acidmods User
Re: google image hosting malware
« Reply #3 on: May 07, 2011, 08:03:46 PM »
DuctTapedGoat i can see your a intellectual person! and its true, most dont seems to put work into it. i one did one in vmware were it expanded any file people clicked on to 3.56 GB, lol my Vm crahsed so fast. lol well those were the fun days.


have you ever experimented with open wrt and running Carma with Jasager? look into it, lol its fun. specialy when you can rich roll people remotely xD! hahhaha lol

 

SMF spam blocked by CleanTalk
SimplePortal 2.3.5 © 2008-2012, SimplePortal