Searching for Malware: A Review of Attackers' Use of Search Engines to Lure Victims

Presented at DEF CON 18 (2010), July 31, 2010, 11 a.m. (50 minutes)

For many people, the first page they visit online is a search engine; in fact, in the US alone more than 14 billion searches per month happen on Google, Yahoo! and Bing. These searches are then siphoned into thousands of popular search terms that are ripe for attackers to exploit. Attackers understand the number of eyeballs and browsers that are at stake and have targeted their attacks against popular search engine results in order to reach the broadest audience possible. For the past five months, Barracuda Labs has been observing and measuring attackers' use of search engine results to host malware or redirect users to malicious sites, collecting data multiple times a day and checking for malicious content around the clock across Google, Yahoo!, Bing and Twitter. In this talk, we reveal statistical data about the search engines and terms that were most targeted. We will highlight key attacker trends, and examine the ability of traditional security approaches like anti-virus and URL filters to react to the rapid movements by the SEO poisoning attacks.

Presenters:

• Dr. Paul Judge - Chief Research Officer & VP Cloud Services, Barracuda Networks
  Dr. Paul Q. Judge serves as chief research officer and vice president of cloud services at Barracuda Networks. In this role, he leads the Barracuda Labs threat intelligence team and is responsible for application security, Web threat, intrusion and anti-spam intelligence for over 100,000 appliances deployed worldwide. He was co-founder and chief technology officer at Purewire, a Web security SaaS vendor acquired by Barracuda Networks in October 2009. Previously he served as chief technology officer of CipherTrust and Secure Computing. Dr. Judge is a recognized authority on Internet security, having won numerous honors including InfoWorld Top 25 CTOs, Atlanta Power 30 under 30 and MIT Technology Review Magazine's 100 Top Innovators under 35. He regularly presents at leading conferences and is quoted by national business and technology trade press, and has been awarded 10 patents and has over 20 patents pending. Dr. Judge earned a Ph.D. in Computer Science from Georgia Tech.
• David Maynor - CTO/cofounder, Errata Security; and Research Scientist for Barracuda Labs, Barracuda Networks
  Dave Maynor is a research scientist with Barracuda Labs. He is also co-founder and CTO of Errata Security. Prior to founding Errata Security, he has held positions for both security vendors and organizations in industries such as education and media. Maynor contributes heavily to the ProtoDev program with both proof-of‐concept software and newly discovered vulnerabilities. He is an author and sought-after speaker delivering cutting-edge research talks to audiences at conferences including Blackhat, Defcon, ToorCon, Microsoft's Bluehat and CanSecWest. Maynor has been quoted in technology articles for international news outlets such as The New York Times, CNN and the Fox News Channel. As an author, Maynor has several books to his credit on information security and regularly contributes to Dark Reading, a leading information security news outlet.

Links:

• https://defcon.org/html/defcon-18/dc-18-speakers.html#Maynor
• https://infocon.org/cons/DEF CON/DEF CON 18/DEF CON 18 video and slides/DEF CON 18 - David Maynor and Paul Judge - Searching for Malware - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=oHWqTOEond8

Similar Presentations:

• Black Hat USA 2010 / Lord of the Bing: Taking back search engine hacking from Google and Bing
• DEF CON 18 (2010) / Lord of the Bing: Taking Back Search Engine Hacking from Google and Bing
• DEF CON 20 (2012) / Tenacious Diggity: Skinny Dippin' in a Sea of Bing