
Hackers Target Tsunami Search Results

Soulskill posted more than 4 years ago | from the bandwagon-has-arrived dept.

Security 57

xsee writes "Only hours after the earthquake and resulting tsunami from Chile, hackers began manipulating search results to direct people seeking information on the event to infected webpages. Exercise caution as to where you get information on this tragedy. Chester Wisniewski describes what happened after he saw a suspicious site listed second on a Google search: 'It appears to be a normal website with information and videos about different Asian tsunamis over the past few years. It is difficult to tell whether this particular page was SEO-optimized, or was an innocent victim of a malicious script. SophosLabs got back to me that this page contains some obfuscated malicious JavaScript that we detect as MAL/ObfJS-R. This script was appended after the normal code on the page.'"


first (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31307580)

first first!

Sick? (3, Insightful)

ilovegeorgebush (923173) | more than 4 years ago | (#31307596)

Not only do I think this is a little sick on the part of the blackhats, but it does pose some other concerns.

Firstly, are the media going to pick up on this and if they do, will they spin it as an opportunity to bad-mouth the Web and its communities, as well as encourage talk of "tougher rules" and the like?

Since this is a JS vulnerability, I'd certainly like to see more discussion and thought around how seriously we take JS integration on the web and how we approach it as a core target for evil-doers to exploit. Could more be done?

Lastly, how are the web search engines going to react? Could more things like this call for censorship of Google, Yahoo etc; or at least more claims for 'responsibility of the search engines'?

Re:Sick? (5, Informative)

Anonymous Coward | more than 4 years ago | (#31307692)

CNN was actually discussing this in their reporting yesterday. They were very clear about this being done by bad folks, not the web in general, and the things people should look out for. Overall I think they gave it very clear, concise, non-technical coverage that was more than fair.

Re:Sick? (1)

caffeinemessiah (918089) | more than 4 years ago | (#31310066)

CNN was actually discussing this in their reporting yesterday. They were very clear about this being done by bad folks, not the web in general, and the things people should look out for.

Given the amount of money and time CNN has invested in gadgetry and web-whizbangery, over any other network by far, they would be fools to (a) draw too much attention to this unless it becomes a serious problem, and (b) NOT cover it calmly, and without resorting to fear-mongering. I suppose that answers GP's question, at least as far as CNN. Now, Murdoch-owned Fox News is a different story altogether....

Re:Sick? (1)

Hurricane78 (562437) | more than 4 years ago | (#31312226)

Uuum, do you mean the same CNN that quotes random twitter comments on live television as if they were news?

Yeah, much better than FOX UnNews.

Re:Sick? (1)

JackieBrown (987087) | more than 4 years ago | (#31314080)

I see CNN stories about how FOX news misspelled something one day or put the title "congresswoman" instead of "congressman" in front of a republican's name.

CNN needs to get over not being first anymore and focus on the news.

Re:Sick? (3, Insightful)

geekmux (1040042) | more than 4 years ago | (#31307940)

Not only do I think this is a little sick on the part of the blackhats, but it does pose some other concerns.

No real surprise there. Morality is waaaay down the Blackhat list, well below "money" and "power".

Firstly, are the media going to pick up on this and if they do, will they spin it as an opportunity to bad-mouth the Web and its communities, as well as encourage talk of "tougher rules" and the like?

Yes, and it's rather unfortunate that the media has about as much accuracy on the subject as the National Enquirer does reporting fact.

Since this is a JS vulnerability, I'd certainly like to see more discussion and thought around how seriously we take JS integration on the web and how we approach it as a core target for evil-doers to exploit. Could more be done?

Never gonna happen. Java/JRE/JS is the holy grail of environments when it comes to cross-OS integration, and it's not like other options (flash) are devoid of their vulns. Besides, it's always a risk/reward for companies, and a company will generally never take Security over Revenue.

Lastly, how are the web search engines going to react? Could more things like this call for censorship of Google, Yahoo etc; or at least more claims for 'responsibility of the search engines'?

What you're asking from the search engines would pretty much be the death of them. I'd much rather have products like AVG warn me in search engine results, or rely on better browser protection rather than censor my results.

Re:Sick? (4, Informative)

Vellmont (569020) | more than 4 years ago | (#31307964)


Firstly, are the media going to pick up on this

I doubt it. Your computer being infected with crap isn't particularly scary.. probably because it happens so often that most people are already familiar with how un-scary (but obviously annoying) it really is. The media picks subjects that are NOT common. Man bites dog, not dog bites man. They'll continue on spreading fear about uncommon events on the internet like sexual predators and stalkers. People fear things they don't know about.

Since this is a JS vulnerability

The "javascript vulnerability" just redirects you to a known malware site. Going to a website isn't in itself much of a threat.

The real vulnerabilities (the ones that can infect your computer) exist in largely Adobe Flash, Microsoft Internet Explorer, somewhat in Adobe PDF Reader, and people just being stupid and running an executable because "the computer" told them to.

The last item is probably the hardest one to fix, and likely can't be fixed with technology (the authoritarians of the world like Kaspersky want to try to solve this through idiotic internet licensing schemes). The other three most certainly are technology problems, and can be fixed with technology. Adobe and Microsoft aren't too keen on actually fixing the problems however.

Re:Sick? (1)

Darkman, Walkin Dude (707389) | more than 4 years ago | (#31308980)

Not only do I think this is a little sick on the part of the blackhats

A little sick? These swine are long overdue a greeting from a gnarled set of knuckles, methinks.

Re:Sick? (0)

Anonymous Coward | more than 4 years ago | (#31311012)

It is a good argument for inhumane punishment for black hats. Their crimes transcend human decency. I suppose a proactive use of apprehended black hats would be to slice up their brains for research into this human look alike species and the rest sent to Purina to be recycled to fertilizer.
Can anyone find a complete definition of "human" that applies to black hats, in light of these and other antics?
We do pull weeds to preserve the garden, this is no different.

Disgusting (2, Insightful)

whisper_jeff (680366) | more than 4 years ago | (#31307600)

When criminal greed crosses the line to utter malice, it's a sign that someone needs to encounter some righteous justice. Some people just deserve a beating.

Re:Disgusting (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31307864)

As annoying as these are, a reasonable combination of browser and security suite, and some common sense, are enough to stop this from getting to be much more than that.

I find much more disgusting the websites that open up claiming to be for whatever relief aid - when in reality they're largely just sites run by crooks pocketing the money for themselves. Not just because they defraud people, but because they are poisoning the well; any indy site that really does send donations, parts of profits/proceeds of sales, etc. to proper relief aid funds, are met by cynicism.

Even worse are the 'missionaries'.

Re:Disgusting (1)

dominious (1077089) | more than 4 years ago | (#31307928)

As annoying as these are, a reasonable combination of browser and security suite, and some common sense, are enough to stop this from getting to be much more than that.

Please shut up. The world is not techie.

Re:Disgusting (0)

Anonymous Coward | more than 4 years ago | (#31308130)

Please bite me. I don't think he's expecting the world to be techie. He's just expecting the world to NOT BE SO FUCKING STUPID.

Re:Disgusting (0)

Anonymous Coward | more than 4 years ago | (#31309300)

Well, your statement shows that you two are the stupid ones.

Re:Disgusting (1)

laughingcoyote (762272) | more than 4 years ago | (#31311124)

One needs not be an expert on home security to learn that locking one's windows and doors is a reasonable precaution, so I'm not sure how your point that not everyone is an expert is relevant. One needs not be "techie" to install Firefox and an A/V suite. We're not talking about writing your own browser and A/V, just clicking a couple of prompts. That takes no more training than learning to lock a door.

And, yes, before you use any tool, be it a power drill, a telephone, or a computer, you should familiarize yourself with the basics on how to operate it properly. Doesn't mean you have to know it inside out and backwards, but you should know at least the basics of what to do. If you fail to do so, you can't complain much when you drill through your finger or wind up in a botnet.

Re:Disgusting (1)

Macka (9388) | more than 4 years ago | (#31308426)

Agreed. There should be a special kind of hell waiting for these people.

Re:Disgusting (0)

Anonymous Coward | more than 4 years ago | (#31308478)

So, you don't want to beat them up because they've upset you? It's because they "deserve" it.

Right. If you want some street justice then get it yourself, tough guy.

I'll see you in the news.

Re:Disgusting (0)

Anonymous Coward | more than 4 years ago | (#31313016)

Of course he would beat them up given the chance! - Who wouldn't?

People exploiting disasters and similar for personal gain should be beaten severely - and generally punished in the worst possible way. Just like terrorists and terror sympathizers actually. No punishment is too cruel for them and they deserve it in full.

Re:Disgusting (1)

girlintraining (1395911) | more than 4 years ago | (#31308568)

When criminal greed crosses the line to utter malice, it's a sign that someone needs to encounter some righteous justice. Some people just deserve a beating.

Of course, we never make mistakes in our conclusions over who the guilty party is. Advocating the use of permanent physical damage to a person's body as an acceptable judiciary solution renders impossible the reversal of the damage should new evidence ever become available, or the process itself fail in some fashion. It is for this reason that we prefer the use of federal prison, with its own set of more socially acceptable punishments for which the state is not responsible. Hint: Soap.

So...? (0)

Anonymous Coward | more than 4 years ago | (#31307618)

This happens every time a big news story breaks, especially for natural disasters. We saw it with Haiti as well - it's hardly news.

Re:So...? (1)

tomhudson (43916) | more than 4 years ago | (#31307822)

It's still news, and it's still news that matters. People are dying, others want to help, and a 3rd party tries to get in between and skim off as much as they can. The day that we no longer consider this news is the day we as a society say that this is just normal behavior.

Re:So...? (0)

Anonymous Coward | more than 4 years ago | (#31307996)

It is normal... just not acceptable.

Color me unsurprised (4, Interesting)

JustNilt (984644) | more than 4 years ago | (#31307638)

I saw clients hit with this behavior after Michael Jackson hit the news and with each major story since. Each time a tragedy hits I tell my girlfriend virus/spyware cleaning calls are about to pick up a bit for me. Sad but entirely predictable now.

Re:Color me unsurprised (4, Informative)

Anonymous Coward | more than 4 years ago | (#31308534)

It's predictable because it's automated. The technique these guys use is called 'blackhat SEO'. They have automated scripts that pull data from Google's page of search trends and automatically throw these pages up based on the search results for searches for the highest trending keywords. There's not much of a manual process behind it. If you check out the latest search trends and search for those terms, you'll see tons of malware sites showing up. It has nothing to do with what the news event or search term is. This has been going on for a while.

I love these! (0)

Anonymous Coward | more than 4 years ago | (#31307644)

They all use XSS for page redirection... I just go through and make my list of pages vulnerable to XSS for my own use when I want to toy with someone on a forum :D

If there really is a hell... (1, Troll)

gyrogeerloose (849181) | more than 4 years ago | (#31307816)

...Satan is readying a room for these guys.

Can someone explain this to me (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31307824)

How can a browser, via javascript on top of that, infect a computer with a virus/trojan/whatever? And can Javascript even write files to your drive?

Re:Can someone explain this to me (4, Funny)

Clover_Kicker (20761) | more than 4 years ago | (#31307862)

No, but your browser can show fake dialog boxes and try to trick you into downloading and installing an executable.

Google "hot russian olympic curling chicks" and try a few links, I was looking for a pic to post on another forum and it seems every second google hit has a javascript bomb attached.

Re:Can someone explain this to me (2, Funny)

ColdWetDog (752185) | more than 4 years ago | (#31307938)

I was looking for a pic to post on another forum

hot russian olympic curling chicks

Umm, right. Sure. Whatever floats your boat, buddy.

Re:Can someone explain this to me (1)

taoye (1456551) | more than 4 years ago | (#31308038)

have you seen the Russian olympic curling team?

Re:Can someone explain this to me (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31308080)

NSFW

Yes [oglympics.com]
Please [oglympics.com]

Re:Can someone explain this to me (1)

JustNilt (984644) | more than 4 years ago | (#31310950)

NSFW? Seriously? I mean, some of them are nude-ish but there's no actual porn or anything. I guess it depends where you work but man, that's hardly offensive.

*wonders if he missed something worthwhile*

Heh, seriously I didn't expect anywhere near that level of attractiveness. Wow.

Re:Can someone explain this to me (0)

Anonymous Coward | more than 4 years ago | (#31309136)

Google "hot russian olympic curling chicks" and try a few links,

So I just tried that, and your slashdot comment ranks #8 on the list of results. No malware sites came up.

Re:Can someone explain this to me (2, Informative)

Clover_Kicker (20761) | more than 4 years ago | (#31310280)

Protection? (2)

commodore64_love (1445365) | more than 4 years ago | (#31307840)

How do we protect ourselves from these malicious script websites?
(Note: I'm using the Opera X 10.10 browser.)

Re:Protection? (-1)

Anonymous Coward | more than 4 years ago | (#31307918)

Burn your computer in the cleansing fire of kerosene.

It is the only way.

THE ONLY WAY!

Kerosene isn't the right way (1)

Yvan256 (722131) | more than 4 years ago | (#31308708)

Nuke it from orbit, that's the only way to be sure.

Re:Protection? (0)

Anonymous Coward | more than 4 years ago | (#31307932)

Easy: Do not allow your computer to run software that you don't have a good reason to trust. It's that simple. It applies to both native executables and "sandboxed" (if you're lucky) javascript and so on.

EVERY web site should be treated as untrusted unless you have a reason to trust it. The default should be untrusted, not trusted. Unless you trust it, don't allow it to run any software on your computer. It's *your* computer, not *their* computer. You get the ultimate say in what it does, not some random 3rd party.

Re:Protection? (2, Informative)

EMG at MU (1194965) | more than 4 years ago | (#31307988)

The NoScript plug-in for Firefox.

Or run your browser in a VM and revert to a clean image each time you're done browsing.

Or disable javascript in Opera, but the web will act a lot different.

Re:Protection? (2, Informative)

Spyware23 (1260322) | more than 4 years ago | (#31309416)

Allow javascript -only- on a whitelist basis.

Re:Protection? (1)

WuphonsReach (684551) | more than 4 years ago | (#31311974)

Allow javascript -only- on a whitelist basis.

Exactly this. Nothing else is rational at this point in time. Letting random sites run code on your machine *will* get you infected at some point.

(Personally I use both NoScript and FlashBlock for Firefox. With a very selective whitelist. Which pretty much prevents all attacks, unless they infect one of the few dozen sites that I have whitelisted.)

Re:Protection? (1)

phillipsjk256 (1003466) | more than 4 years ago | (#31312430)

Disable Client-side scripting like Javascript. Don't install Flash and Silverlight plug-ins. If a website does not work, they are probably not worth the time of day.

Wake up!!! (2, Informative)

jasonq (244142) | more than 4 years ago | (#31307858)

This is /., right? Can we please STOP calling these FUCKTARDS hackers!!!

Re:Wake up!!! (0, Troll)

geekmux (1040042) | more than 4 years ago | (#31307970)

This is /., right? Can we please STOP calling these FUCKTARDS hackers!!!

Jesus, chill out man. Unless, you're known as Hacky McHackerton, President and CEO of Hacker, Inc., it probably doesn't affect YOU or your professional "creds" THAT much. Yeah, this is /., and we generally know what people mean regardless of verbage.

Re:Wake up!!! (0)

Anonymous Coward | more than 4 years ago | (#31308014)

verbiage, yo.

Re:Wake up!!! (1)

Kooty-Sentinel (1291050) | more than 4 years ago | (#31309460)

Unfortunately in today's world, 'cracker' just doesn't have the same ring as 'hacker' does. I work for an IT security consulting firm - even in our marketing materials we knowingly use the term 'hacker' to describe the bad guys.

Re:Wake up!!! (1)

jgrahn (181062) | more than 4 years ago | (#31309992)

This is /., right? Can we please STOP calling these FUCKTARDS hackers!!!

AOL. The unwashed masses can call them "hackers" all they want, but the word shouldn't have that meaning here.

Same thing happened with Joannie Rochette (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31308056)

After Joannie Rochette's short program, I googled it because I missed it. Literally the first 2 pages or so of results were 90% dummy sites with malicious payloads.

This isn't new at all. EVERY time a popular search pops up, these douchebags try to game the results to get their pages on the first page.

happens with the killer whale story too (0)

Anonymous Coward | more than 4 years ago | (#31308228)

This is happening too with the trainer killed by the whale, I googled and found 2 sites trying to make me download a file that virustotal says 4/41 is a worm.

Not Hackers... Crackers! (0)

Anonymous Coward | more than 4 years ago | (#31308306)

If the knowledge is still being used to do bad things, the individual is a Cracker, not a Hacker.

Watch Hawaii Tsunami Video (1)

aguntukbd (1750416) | more than 4 years ago | (#31308942)

Watch Hawaii Tsunami Video: One of the effects of Chile Earthquake 2010. The aftermath of Chile earthquake is worsening. Today morning a Japanese island was hit. One of the effects of the strong earthquake that recently hit Chile is the tsunami that has hit Hawaii. Watch Here [thetechjournal.com]

meanies (0)

Anonymous Coward | more than 4 years ago | (#31309450)

gosh darn meanies. to heck with those cunts. muddy funsters that they are!

allchile.net fighting the spammers (4, Informative)

cenc (1310167) | more than 4 years ago | (#31311116)

I operate allchile.net, a forum for expats in Chile that has been operating for a little over 4 years. I am located in Temuco, Chile (about 100 miles south of the worst devastation) and just got my internet connection back a few hours ago to see all the spammers on google trying to force their way in to the position. Now me and all the other established sites in Chile, with real history and connections to know what is going on in Chile are fighting the Google spammers to try and get people in touch with their missing relatives and get news out to the World about the disaster.

If you have a web site, and want to help us, link to the real sites about Chile. Even Facebook, twitter, and CNN are in a way in our way. They will be all chatting up the topic for a week or two more, then they will be gone. Our sites will still have to fight back up to the top of Google while trying to assist with the reconstruction.

My sites and my friends' sites (all run by people on the ground in the disaster by the way):
http://www.allchile.net/ [allchile.net]
http://www.allsouthernchile.com/ [allsouthernchile.com]
http://www.santiagoradio.cl/ [santiagoradio.cl]
http://www.thepulse.cl/ [thepulse.cl]
http://www.spencerglobal.com/ [spencerglobal.com]

I put on my robe and grammar Nazi hat. (1)

zill (1690130) | more than 4 years ago | (#31311194)

It is difficult to tell whether this particular page was SEO-optimized...

Search engine optimization-optimized?

Lost in the next tsunami? (1)

OrangeTide (124937) | more than 4 years ago | (#31311198)

What if the people who did this mysteriously disappear the next time there is a tsunami, even if they are far inland? Would anyone actually bother looking for them?

Search engines need malware detection (1)

butlerm (3112) | more than 4 years ago | (#31318632)

Incidents like this are a good reason for search engine operators like Google to add malware detection to their systems, refuse to index such pages, and actively blacklist the hosts (by dropping them entirely from the index or from the search results) until the problem is fixed.

It is probably also a good idea to penalize pages with clearly dodgy (if not malicious) javascript in terms of page rank as well.
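
The story summary describes a script "appended after the normal code on the page", and the comment above proposes that search engines detect such pages. As an added example (not code from Sophos, Google or any commenter), this JavaScript sketch flags script blocks that appear after the closing `</html>` tag and scores them against a few obfuscation indicators; the indicator list, the two-indicator threshold and the sample pages are constructed assumptions.

```javascript
// Added example: heuristic check for script appended after the closing </html> tag.
// The indicator list and the ">= 2 indicators" threshold are illustrative assumptions.
const INDICATORS = [
  { name: "eval", re: /\beval\s*\(/ },
  { name: "unescape", re: /\bunescape\s*\(/ },
  { name: "fromCharCode", re: /String\.fromCharCode/ },
  { name: "document.write", re: /document\.write(ln)?\s*\(/ },
  // Eight or more consecutive %XX, \xXX or \uXXXX escapes in a row.
  { name: "escape-run", re: /(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}){8,}/i },
];

// Return the names of the indicators present in one script body.
function scoreScript(body) {
  return INDICATORS.filter((i) => i.re.test(body)).map((i) => i.name);
}

function findTrailingScripts(html) {
  // Locate the LAST closing </html>; anything after it lies outside the document proper.
  const closeRe = /<\/html\s*>/gi;
  let end = -1;
  let m;
  while ((m = closeRe.exec(html)) !== null) end = m.index + m[0].length;
  if (end === -1) return { closed: false, findings: [] };

  // Match script blocks in the tail, including one that is never closed.
  const tail = html.slice(end);
  const scriptRe = /<script\b[^>]*>([\s\S]*?)(?:<\/script\s*>|$)/gi;
  const findings = [];
  while ((m = scriptRe.exec(tail)) !== null) {
    const indicators = scoreScript(m[1]);
    findings.push({
      offset: end + m.index,               // byte offset in the original page
      length: m[1].length,                 // size of the script body
      indicators,
      suspicious: indicators.length >= 2,  // otherwise: still worth a manual review
    });
  }
  return { closed: true, findings };
}

// Constructed sample pages. The encoded string decodes to the harmless
// HTML comment "<!-- sample -->".
const CLEAN_PAGE =
  "<html><head><script>var a = 1;</script></head>" +
  "<body><p>Tsunami history</p></body></html>\n";
const TAMPERED_PAGE =
  CLEAN_PAGE +
  "<script>document.write(unescape(" +
  "'%3C%21%2D%2D%20%73%61%6D%70%6C%65%20%2D%2D%3E'));</script>";

console.log(JSON.stringify(findTrailingScripts(CLEAN_PAGE)));
console.log(JSON.stringify(findTrailingScripts(TAMPERED_PAGE), null, 2));
```

A script after `</html>` with no indicators is still reported, since legitimate templates rarely emit anything there; comparing the page against a known-good copy remains the stronger check.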
