New
#1
This wouldn't have anything to do with the SEO exploit flood that's making the news today?!
Improve Web User Experience with IIS SEO Toolkit RTW an
-
-
New #2
-
New #3
Hi z3r010,
Sorry, have deleted the item. I get a number of alerts from the likes of ZDnet (which I think was the one running this SEO item a day or two ago)... It sounded quite alarmist.
Will have a quick google for it later tonite.
Cheers,
LMH a.k.a. carioca
-
New #4
November 17th, 2009
Thousands of web sites compromised, redirect to scareware
Posted by Dancho Danchev @ 12:12 pm
Categories: Anti Virus, Botnets, Browsers, Hackers, Malware...
Tags: Search Engine Optimization, Web Application, Web Site, Attack Vector, Google Search...
221 TalkBacks
- Thumbs UpThumbs Down
- +4046
Updated: Thursday, November 19 - According to eSoft who contacted me, they’ve beenmonitoring the campaign since September, with another 720,000 affected sites back then.
There are now over a million affected sites serving scareware, with only a small percentage of them currently marked as harmful. Google has been notified. As always, NoScript and your decent situational awareness are your best friends.
Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware.
More details on the campaign:
The compromised sites are hosting legitimately looking templates, using automatically generated bogus content, with a tiny css.js (Trojan-Downloader.JS.FraudLoad) uploaded on each of them which triggers the scareware campaign only if the visitor is coming a search engine listed as known http referrer by the gang - in this case Google, Yahoo, Live, Altavista, and Baidu :
“Cyveillance has discovered a complex attack vector that uses Google search results to distribute malicious software (malware) to unsuspecting Internet users. Using this attack vector, users click on links within Google search results and are routed to sites that attempt to download malware to their computers. The attack method also relies on inattentive webmasters who do not update the software on their sites and often unknowingly provide the material that appears in the search results.At first, it would appear that the campaign is an isolated one and is maintained by a cybercrime enterprise yet to be analyzed. However, analyzing it reveals a rather anticipated connection - the massive blackat SEO campaign has been launched by the same people who operate/or manage the campaigns for the Koobface botnet. For instance, the domains mentioned by Cyveillance, as well as the newly introduced ones over the past couple of hours, are the very same domains currently embedded on Koobface infected hosts.
The common string albums/bsblog/category is found in the URLs for all these blogs. By simply using the Google search parameter allinurl, along, you can see how many other sites contain the same string. As can be seen in the image above, more than 260,000 URLs are presented in Google’s search index leading to blogs similar to the ones illustrated in our example.
As you can see, only a small portion of sites in the search results carry a warning provided by Google. The reason for the small number of warnings is likely because the actual attacks do not take place on the website URLs in the search results, but on the sites you’re redirected to thereby decreasing the chances that Google will designate the destination sites as harmful.”
- Go through related posts - The ultimate guide to scareware protection;My scareware night and how McAfee lost a customer; Scareware scammers hijack Twitter trending topics; 9/11 related keywords hijacked to serve scareware; Koobface Botnet’s Scareware Business Model - Part One; Koobface Botnet’s Scareware Business Model - Part Two
How did they manage the compromise the sites? Through web application vulnerabilities as the attack vector, with OWASP’s recently updated Top 10 most critical web application security risks, highlighting some of the riskiest ones.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popularsecurity blog. See his full profile and disclosure of his industry affiliations.
Email Dancho Danchev
Sorry mate, I meant to post the link itself only...
Improve Web User Experience with IIS SEO Toolkit RTW an
Posted: 17 Nov 2009
More...Remember the scene in Diehard when he shoots the glass? That was cool. What’s even cooler is now you can fine tune your Web site for the search engine, thus improving the experience for your Web users.
Today, Microsoft announced the releases of IIS Search Engine Optimization (SEO) Toolkit RTW and IIS URL Rewriter 2.0 RC – both extensions for IIS.
Don’t take it personally – I know it can be hard when your significant other tells you how to make improvements on something you worked hard on, let alone a faceless piece of software. But really, they are both just trying to help. Think of the customers.
The IIS SEO Toolkit helps Web developers, hosting providers, and Web server administrators to improve their Web site’s relevance in search results by recommending how to make the site content more search engine-friendly. The IIS SEO Toolkit helps to improve the volume and quality of traffic to your Web site from search engines, control how search engines access and display Web content, and inform search engines about locations that are available for indexing.
We’ve all been to a cocktail party when you’re trying to impress that certain person, and they ask for the URL of the latest project you are working on. It’s embarrassing when you have to rattle off a long-winded URL with question marks, equal signs, random ID numbers, and ampersands. But with URL Rewriter, you don’t have to anymore.
IIS URL Rewriter 2.0 adds support for outbound response rewriting and enables Web administrators to create powerful rules to implement URLs that are easier for users to remember and easier for search engines to find. IIS URL Rewriter 2.0 can now replace the URLs generated by a Web application in the response HTML with a more user friendly and search engine friendly equivalent, modify the links in the HTML markup generated by a Web application behind a reverse proxy, and fix up the content of any HTTP response by using regular expression pattern matching. IIS URL Rewriter 2.0 helps to easily define rules that match URLs or HTTP headers to generate more friendly and consistent URLs, protect content and assets from unauthorized linking and scanning, and integrate with existing IIS features to improve management, performance, and troubleshooting.
Did I mention it’s free? And it’s available to download and install today with the Microsoft Web Platform Installer 2.0, your one-stop shop to get everything for the Microsoft Web Platform – including IIS SEO Toolkit RTW and IIS URL Rewriter 2.0 RC. From IIS Extensions to the Windows Web App Gallery and beyond, there is sure to be something useful for your Web site endeavors.
Oh, if you run PHP, be sure to check out our learning section on Running PHP Applications on IIS. We have a ton of brand new and updated content to help provide PHP on Windows users a single source of end-to-end guidance. Pretty sweet!
For more information or to download, please visit the IIS SEO Toolkit RTW page and the IIS URL Rewriter 2.0 RC page.
Eric Rezabek
Senior Product Manager
IIS/Web
Quote
Related Discussions