
Volcanos, Ashes and Malware

Apr 19

When the volcano Eyjafjallajökull erupted, causing chaos in air traffic, on the one hand I remembered all my colleagues who were in Barcelona at BlackHat Europe (many of them are still there thanks to the volcano…) and on the other I thought about the typical attacks we see every day using the search engines. However, this time I made a bet: “I bet anything that there is no SEO attack using the name of the volcano.”

Everything is fine for the moment, as nobody seems to know the correct name of the volcano. Taking a quick look while I was writing this post, I’ve seen these 4 names in 4 different media:

Eyjafjöll

Eyjafjallajökull

Eyjafjalla

Eyjafjallajokull

And this is the number of malicious links returned when you search for each name:

Eyjafjöll - 1 result

Eyjafjallajökull - 0 results

Eyjafjalla - 0 results

Eyjafjallajokull - 0 results

It seems I was almost right ;) And at least both the first and second names are right.

Anyway, don’t think that we are free from malicious search results: we get an avalanche of them when we look for words related to the news:

Malicious results as shown in Google

The words used by the cyber-crooks in this attack are the following (for the moment):

Iceland Volcano News

Iceland Volcano Images

Iceland Volcano Eruption

Iceland Volcano Video

Icelandic Volcano

Iceland Volcano Satellite Image

Iceland Volcano 2010

Volcano in Iceland

South Iceland Volcano 2010

Volcano 2010

When clicking any of these links, we are redirected to different websites that try to install different fake antivirus programs (rogueware) on the computer:

Adware/SecurityTool

Adware/CleanUpAntivirus
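As an added example (not part of the original post), the pattern described above can be hunted for in web proxy logs: a click from a search results page for one of the listed phrases that is answered with a redirect to a different host. The log format, hostnames and sample lines are constructed assumptions; a hit is a lead for review, not proof of rogueware.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Search phrases listed in the post.
KEYWORDS = [
    "iceland volcano news", "iceland volcano images", "iceland volcano eruption",
    "iceland volcano video", "icelandic volcano", "iceland volcano satellite image",
    "iceland volcano 2010", "volcano in iceland", "south iceland volcano 2010",
    "volcano 2010",
]

# Constructed sample proxy log (assumed format): client status url referer location
SAMPLE_LOG = """\
10.0.0.5 302 http://blog.example/volcano-pics http://www.google.com/search?q=Iceland+Volcano+Images http://scan.example.net/av.php
10.0.0.6 200 http://news.example.org/iceland http://www.google.com/search?q=iceland+volcano+news -
10.0.0.7 302 http://shop.example/login http://shop.example/cart http://shop.example/home
10.0.0.8 301 http://site.example/a http://www.google.com/search?q=volcano+in+iceland http://site.example/a/
10.0.0.9 302 http://x.example/p http://www.google.com/search?q=cheap+flights http://y.example/
"""

def search_query(referer):
    """Return the normalised q= term if the referer is a Google results page."""
    parts = urlsplit(referer)
    if not re.search(r"(^|\.)google\.[a-z]{2,3}(\.[a-z]{2})?$", parts.hostname or ""):
        return None
    q = parse_qs(parts.query).get("q", [""])[0]
    return " ".join(q.lower().split()) or None

def flag_suspicious(log_text):
    """Return (client, query, landing host, redirect host) tuples for review."""
    hits = []
    for line in log_text.splitlines():
        client, status, url, referer, location = line.split()
        query = search_query(referer)
        if query is None or not any(k in query for k in KEYWORDS):
            continue
        if status not in ("301", "302", "303", "307") or location == "-":
            continue
        src, dst = urlsplit(url).hostname, urlsplit(location).hostname
        if dst and dst != src:  # click on a result bounced to another host
            hits.append((client, query, src, dst))
    return hits

if __name__ == "__main__":
    for hit in flag_suspicious(SAMPLE_LOG):
        print(hit)
```
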


Comments

  1. Mats Linde says:

    Jökull is glacier and fjall/fjöll mountain in Icelandic.

    • Luis Corrons says:

      So we can translate the volcano’s name as “glacier mountain” :)
      No malicious results on that term… yet ;)

      • Mats Linde says:

        To clear the confusion, the volcano Eyjafjall is under the glacier Eyjafjalljökull and the glacier got its name from the volcano.
        I think the volcano name means something like “islandmountain”.
        I don’t know if it’s possible to call a volcano for malware otherwise I suppose I’m quite off topic.☺

        • Morten says:

          Nope, sorry, it’s a feature not a bug. ;-)

        • Hans Erren says:

          Strictly speaking Eyja is “island”, fjöll is “mountain”, fjall/a is “of the mountain” and jökull is “glacier”
          Eyja-fjalla-jökull is therefore glacier-of-the-Island-mountain
          The correct name would therefore be Eyjafjöll meaning “Mount Island”.
          A proper English equivalent that describes the event would be the “Mount Island eruption”.

  2. Don DeBolt says:

    The search term Eyjafjallajökull (cut and pasted here) was not used by the criminals because it wasn’t used as a keyword in searches. It wasn’t searched for because yes it is difficult to spell. The keyword never made it on Google Trends. The criminals simply ask Google what people are searching for using Google Trends and use the resulting keywords in their BlackHat SEO logic. This is a very effective BlackHat SEO methodology for current events. Other BlackHat SEO tactics are at play but the keywords utilized are less time sensitive and not event driven.

