Poisoning of Olympic-related search engine results has appeared, but big names and events are not the obvious targets.
According to Dave Ewart, director of product marketing EMEA at Blue Coat, black hat hackers have changed their tactics to target lesser known athletes and celebrities and have moved away from big events.
Ewart told SC Magazine that while search engine optimisation (SEO) poisoning is still the number one vector for spreading malware, there has been a move away from ‘poisoning' the results of big events to hitting more mundane targets.
He said: “They are hitting a lot more mundane search results and for celebrity searches, they hit more B-listers. This makes sense, as if there is something big happening to an A-lister then it would have less of an impact.”
Asked if he meant that targets would be medal winners from previous Olympics rather than the likes of Bradley Wiggins, Ewart said this was the case, as the SEO poisoning of a person such as Matthew Pinsent is more likely to beat a genuine result because they are not headline news.
Ewart said: “From the research we did, when Steve Jobs died, two per cent of the search results were malicious and when Whitney Houston died in February of this year, the poisoned results began on page 15 of a Google search, so increasingly it is where people are not looking.
“There is no real pattern emerging, but there is a bigger set of search terms around mundane things.”
Research released this week by Trend Micro said that as well as fraudulent websites that claim to sell Olympic tickets, there were a number of fake live streaming sites and when users searched for the keywords ‘watch London Olympics opening ceremony live', ‘watch London Olympics online' and ‘watch London Olympics 2012 live', these websites appeared as one of the top search results.
It said that analysis of the sites found that some of these redirected to fake live broadcasts of London Olympics 2012 and contained a link for buying cheap, albeit bogus, tickets, while other fake live streaming sites redirect to another site requiring an email address.