Finjan, a company specializing in the detection, analysis and research of Web threats, released its Cyber-Crime Intelligence Report today. The report focuses on how cyber-criminals lure unsuspecting users to their sites, and how they make money doing it. You might be surprised. The CTO for Finjan, Yuval Ben-Itzhak, told me, "criminals use search engine optimization (SEO) as one way to distribute their rogueware."
Here is how it works: Cyber-criminals inject SEO-targeted pages into compromised Web sites, embedding misspelled keywords such as Gogle or Obbama, and popular words from Google Trends. The idea is to get these compromised Web pages indexed by search engines so that they show up as top results in searches. Each of these injected SEO pages was linked to other dynamically generated pages to increase the probability of them being indexed higher in the results. However, these pages contained an additional script that redirected the unsuspecting user to a site designed to download malware onto the user's computer.
Just how successful is this type of attack? In one day, Finjan captured the following numbers of successful redirects to compromised sites, broken down by search engine:
- Google - 404871
- Unknown - 19502
- Yahoo - 14913
- AOL - 9380
- Auto - 7097
- Comcast.net - 1880
- Ask - 1083
- Live.com - 508
Finjan found that 1.8 million users were redirected to a rogue anti-virus software site in 16 days. Member sites that redirected users to the rogue sites were paid 9.6 cents for each successful redirection. This translates into $172,000, or $10,800 per day. Who said cyber-crime does not pay?
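For a site owner, injected SEO pages of the kind described above tend to surface in access logs as landing pages reached through search referrals that carry near-miss spellings of popular terms. The following Python sketch is an added example, not code from Finjan or its report: it tallies search referrals per engine and flags such landing pages. The watchlist, the engine-to-parameter mapping and the log lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from difflib import get_close_matches
from urllib.parse import urlsplit, parse_qs

# Assumed watchlist of correctly spelled popular terms; tune it for your own site.
WATCH = ["google", "obama"]
# Assumed mapping: referrer host fragment -> (engine label, query parameter).
ENGINES = {"google.": ("Google", "q"), "search.yahoo.": ("Yahoo", "p"),
           "ask.com": ("Ask", "q")}
# Combined log format: request line, status, size, then the quoted referrer.
LINE = re.compile(r'"(?:GET|POST) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def classify(referrer):
    """Return (engine, search terms) for a search-engine referrer, else None."""
    url = urlsplit(referrer)
    host = url.hostname or ""
    for frag, (engine, param) in ENGINES.items():
        if frag in host:
            terms = parse_qs(url.query).get(param, [""])[0].lower().split()
            return engine, terms
    return None

def scan(lines):
    """Count search referrals per engine; flag pages reached via near-miss terms."""
    per_engine, flagged = Counter(), defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        hit = classify(m.group(2)) if m else None
        if not hit:
            continue
        engine, terms = hit
        per_engine[engine] += 1
        for term in terms:
            if term not in WATCH and get_close_matches(term, WATCH, n=1, cutoff=0.8):
                flagged[m.group(1)].add(term)
    return per_engine, dict(flagged)

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2009:10:00:00 +0000] "GET /blog/a1.html HTTP/1.1" 200 512 "http://www.google.com/search?q=gogle+earth" "Mozilla/4.0"',
    '203.0.113.6 - - [01/Jan/2009:10:00:05 +0000] "GET /blog/a1.html HTTP/1.1" 200 512 "http://search.yahoo.com/search?p=obbama+speech" "Mozilla/4.0"',
    '203.0.113.7 - - [01/Jan/2009:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "http://www.google.com/search?q=google+maps" "Mozilla/4.0"',
    '203.0.113.8 - - [01/Jan/2009:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A flagged path that the site owner did not publish is a candidate for an injected page and deserves a look at the file on disk and at any script it serves.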
You can download the report here, after a short registration process.