Searching for Malware: A Review of Attackers’ Use of Search Engines to Lure Victims

DEF CON 18

Presented by: David Maynor
Date: Saturday July 31, 2010
Time: 11:00 - 11:50
Location: Grande E-F
Track: Track 5

For many people, the first page they visit online is a search engine; in fact, in the US alone more than 14 billion searches per month happen on Google, Yahoo! and Bing. These searches are then siphoned into thousands of popular search terms that are ripe for attackers to exploit. Attackers understand the number of eyeballs and browsers that are at stake and have targeted their attacks against popular search engine results in order to reach the broadest audience possible. For the past five months, Barracuda Labs has been observing and measuring attackers’ use of search engine results to host malware or redirect users to malicious sites, collecting data multiple times a day and checking for malicious content around the clock across Google, Yahoo!, Bing and Twitter. In this talk, we reveal statistical data about the search engines and terms that were most targeted. We will highlight key attacker trends and examine the ability of traditional security approaches like anti-virus and URL filters to react to the rapid movements of SEO poisoning attacks.

David Maynor

Dave Maynor is a research scientist with Barracuda Labs. He is also co-founder and CTO of Errata Security. Prior to founding Errata Security, he held positions with both security vendors and organizations in industries such as education and media. Maynor contributes heavily to the ProtoDev program with both proof-of-concept software and newly discovered vulnerabilities. He is an author and sought-after speaker delivering cutting-edge research talks to audiences at conferences including Blackhat, Defcon, ToorCon, Microsoft’s Bluehat and CanSecWest. Maynor has been quoted in technology articles for international news outlets such as The New York Times, CNN and the Fox News Channel. As an author, Maynor has several books to his credit on information security and regularly contributes to Dark Reading, a leading information security news outlet.

