Google adwords account holders are being targeted by criminals out to trick them into handing over credit card information using a clever URL spoof that has gained popularity in recent weeks.
Google adwords account holders are being targeted by criminals out to trick them into handing over credit card information using a clever URL spoof that has gained popularity in recent weeks.
On the face of it, the scam follows a traditional attack route involving the sending of spam emails to random Internet addresses in the hope of finding users who have purchased adwords. The email claims that the user's account payment has failed and asks them to "update payment information", again a transparent ploy by today's standards.
As obvious as this might sound, the unwary might easily be tricked by the convincing http://adwords.google.com/select/login link embedded in the email, a perfect copy of the correct Google login address. This one, however, actually leads to http://www.adwords.google.com.XXXX.cn/select/Login [address altered], an obfuscated address that directs to a site associated with IPs in Germany, Romania, and the Czech Republic.
The site is a good copy of the real Google adword site, and appears to let users login using their real account details - any account details will work in fact. Entering payment details results in that information being posted using an SSL link to a remote server after which the account will ripped off.
The attack has been publicized by security software company Trend Micro, but the disarmingly simple scam is widespread enough to have been received by ordinary users in recent days.
Google adwords exploits are not uncommon, some involving serving exploits directly, others involving the much more basic social engineering techniques used in the latest attack. Indeed, the latest phishing attack bears a strong resemblance to a near-identical campaign launched a few weeks back by Chinese criminals.
As common as 'account update' attacks have become, the spoofed - in other words convincing - URL is still the key to reeling in victims. Criminals seem to have realized that users are paying more attention to such details, and that phishing success bar has been raised by this.
Dienstag, 6. Mai 2008
Onebox für Sport
In der Websuche wurde ein neue Onebox eingebaut. Diese liefert nun Sportergebnisse. Vorerst bekommt man nur Fußballergebnisse für englische Vereine, wie zum Beispiel Arsenal. Ähnliches gab es auch schon zur WM 2006 mit Informationen rund um den Fußball.
Die Mobile Suche zeigt aber Ergebnisse aus NBA, NHL, MLB, NFL, NCAA und anderen Fußballligen wie: Primera División, Serie A, Bundesliga, Ligue 1 etc.
Die Mobile Suche zeigt aber Ergebnisse aus NBA, NHL, MLB, NFL, NCAA und anderen Fußballligen wie: Primera División, Serie A, Bundesliga, Ligue 1 etc.
Changes To Google UK Trademark Policy Will Result In Lawsuits
In the US marketers may use competitors' trademarks as keywords, so long as they don't appear in the ad text itself. Previously Google used a more restrictive policy in the UK, not allowing use of competitors' trademarks at all. Last month the company changed its UK rules to conform to the more liberal US policy.
Accordingly, UK marketers are promising to sue when the new policy is implemented. One legal expert interviewed about the change suggested that UK regulators will ultimately be compelled to step in to resolve the anticipated dispute.
Accordingly, UK marketers are promising to sue when the new policy is implemented. One legal expert interviewed about the change suggested that UK regulators will ultimately be compelled to step in to resolve the anticipated dispute.
Yahoo! Adds Alerts to "Risky" Search Results
Yahoo! Search has begun a partnership with McAfee, Inc. to provide SearchScan, which uses McAfee's SiteAdvisor technology to flag URLs it deems "risky" in the search results. Results are flagged with the type of danger below the title. This new feature is primarily aimed at preventing spyware and other malicious software from being downloaded on searchers' computers as well as at preventing searchers from falling victim to sites that employ spammy email tactics.
The Yahoo! Search Blog provides more information. Below, more details on what types of pages are flagged and how site owners can dispute incorrect flagging.
The types of behavior that causes a page to be deemed risky include:
- Download triggered upon page visit (these types of pages are removed from the search results entirely)
- User-initiated download includes spyware or other malicious sofware
- Site engages in spammy email tactics, such as flooding inboxes with mail
SearchScan is on to alert by default, but searchers can turn it off (or specify that flagged sites shouldn't display at all) in their Yahoo! preferences.
Why has Yahoo! implemented this feature?
The press release being released tomorrow morning quotes a Decipher Inc Online Security & Web Search consumer survey from March of 2008 and says "After children’s safety, 65 percent of Americans online are more worried about clicking unsecured search listings than the threat of neighborhood crime, getting ones wallet stolen or email scams." That's an interesting claim, as I don't know that 65% of online americans know what an "unsecured search listing" is, but the point remains a valid one. Search engines present the web as a whole, and as the web include lots of malicious activity, search engines end up serving up malicious suggestions. This partnership is an attempt to serve up "safe" results without engaging in web censorship.
Google's approach
Google has taken a similar tactic with a partnership with StopBadware.org. Any sites flagged by StopBadware.org include a message below the search result and Google directs searchers who click on these results to a page that provides more information and enables them to either continue to the page or go back to the search results.
If a site is flagged in Google's search results, Google alerts the site owner via email and a Google Webmaster Tools message. Google also provides a dispute and resolution process in the cases where the site owner doesn't agree with the label or makes changes to the site to abide by the StopBadware.org guidelines. In addition, the site owner can obtain more information from the page that Google directs searchers to for flagged pages in the search results.
The dispute and resolution process is actually forwarded to StopBadware.org and site owners can follow the process there.
Yahoo's dispute process
Yahoo! has a dispute process for site owners as well. When you hover over an alert in the Yahoo! search results, a information box appears that includes a site owner link.
That links leads to the SearchScan form, which seems to for both site owners and searchers. When I talked to Yahoo! about this process a month ago, they said, that like with Google's process, they forward the information to McAfee to resolve. I've asked them if they also provide proactive alerts to site owners and they said that if site owners are concerned that their pages may be missing from the search results due to SearchScan, they can turn off SearchScan and check the results:
If your site shows up in that experience, but not in the SearchScan On mode, (all other options such as SafeSearch remaining same) then you can believe that it is due to exploit rating on your site.Note, to make this work, you should ensure that you keep all other elements of the search experience constant between the test with SearchScan off and on. That is
a) make sure you don't change any other preferences
b) make sure you don't change the computer you are searching from in case source IP or other changes affect the query routing
c) make sure you use the same Y! search destination - .com, co.uk etc. because sometimes there are regional rules which cause filtering (for example, france has stricter rules around nazi memorabilia sites etc.)
d) check multiple times across a couple of days. This is important because sometimes there is some localized maintenance going on which might temporarily affect what you see.
As part of the agreement, McAfee will distribute Yahoo! Search to its user base. Distribution is arguably more important to gaining search market share than user interface improvements, and this distribution deal may provide clues to Yahoo!'s strategy. (Two different hotels I've stayed at in the last month have featured a Yahoo! search box on the wifi landing page, more signs that Yahoo! is working hard at increasing distribution.)
May 05, 2008
A Safer Way to Search
Today, we're announcing the beta release of SearchScan, a new feature from Yahoo! Search that helps protect users from viruses, spyware and spam. We've heard from users that security and privacy continue to be major concerns when they are online. We've also learned that solutions that require downloads and constant updating are less than ideal. To tackle the problem, we partnered with McAfee to build a feature that provides a safer and hassle-free search experience to all users.
How does it work? SearchScan leverages McAfee's SiteAdvisor technology to alert users if risky websites appear in Yahoo! Search results. Starting today, SearchScan will be turned on by default for all users in the U.S., Canada, UK, France, Italy, Germany, Australia, New Zealand, and Spain, and will scan for three types of risks in our search index:
- Browser Exploits -- These are sites that can stealthily harm a user's computer or install malware simply by visiting the site. Beginning today, any such sites or pages included in McAfee's data will be removed from search results automatically.
- Dangerous Downloads -- SearchScan will display warnings next to search results for sites that offer potentially dangerous software, such as viruses, spyware or adware. Users often may be unaware that these can be passed along with the screensavers, games and other software downloads.
- Unsolicited Email -- SearchScan will alert users to scanned sites that send unsolicited emails or inappropriately share email addresses with third parties.
With SearchScan, our goal is to protect users by allowing them to make a more informed decision about the websites they visit. By displaying prominent warnings next to search results for sites with potentially dangerous downloads or unsavory email practices, users are aware that while visiting the site may be safe, downloading a file or sharing an email address could be risky. Browser exploits, which include drive-by downloads, are different. Since just visiting these sites can cause harm, they will not appear in Yahoo! Search results if they've been identified by McAfee.
While SearchScan will be on by default, users have control over how they use the feature. In preferences, users can choose to turn the feature off or choose to filter out all sites with warnings from their search results.
SearchScan will continue to evolve and improve, but in the meantime, let us know if you have any feedback in the comments below.
Priyank Garg, Director, Product Management
Graham Mudd, Product Marketing Manager
Yahoo! Search
Abonnieren
Posts (Atom)