Tag Archive for: Security

Yesterday we reported on the mass hijacking of thousands of Google+ Local listings. In short, over a short period of time a huge number of hotels with business listings for Google Maps and Search had those listings altered. The story was broken open by Danny Sullivan from Search Engine Land, who attempted to track down the source of the spam attack, but found no concrete evidence to suggest who the culprit actually is.

While the issue could have a big effect on many businesses in the hotel sector, it is more notable for showing that other attacks could happen in the future. Even worse, no one outside of Google has been able to explain how this could occur, especially given the number of big hotel chains affected. The hotels hit with the spam weren’t mom-and-pop bed and breakfast places. Most of the listings were for huge hotel chains, such as the Marriott hotel shown in the example of a hijacked link below.

If Google does know how this was able to happen, they aren’t telling. In fact, Google has been terribly quiet on the issue. They’ve yet to issue an official public statement, aside from telling Sullivan that he could confirm they were aware of the problem and working to resolve it.

The only direct word from Google on the hijackings is a simple response in an obscure Google Business Help thread from Google’s Community Manager, Jade Wang. If it weren’t for Barry Schwartz’s watchful eye, it is possible the statement would never have been widely seen. Wang said:

We’ve identified a spam issue in Places for Business that is impacting a limited number of business listings in the hotel vertical. The issue is limited to changing the URLs for the business. The team is working to fix the problem as soon as possible and prevent it from happening again. We apologize for any inconvenience this may have caused.

Yesterday, thousands of hotels with Google+ Local listings had their pages manipulated to replace their links to official sites with links leading to third-party booking services. Google+ Local listings are what Google uses to provide local results in Google Maps and Google Search.

It currently appears to be isolated entirely to hotels, and Google has already said they are aware of and fixing the problem, but Danny Sullivan’s research into who is responsible for the hijacking has yet to turn up anything concrete. What we do know is that thousands of listings were changed to point to either RoomsToBook.Info, RoomsToBook.net, or HotelsWhiz.com.

Source: Search Engine Land

The problem is, we can’t be sure any of these companies are actually directly responsible. Only one person responded to Sullivan’s inquiries. Karim Miwani, listed on LinkedIn as the director of HotelsWhiz.com, replied saying (sic):

We have recently seen this issue and have reported to Google webmaster already. If you have seen any links please forward it to me and I will submit the request.

Our team is already in the process of blocking list of certain domains and IP addresses from back-linking us.

Thank you for pointing this out if you have any more external domains acting in above manner please report it to us on

You can get all the details on the hijacking from Danny Sullivan’s investigative report into the issue, but this event has a broader relevance outside of the hotel industry. The mass hijacking of Google’s local listings suggests there is a security flaw in Google+ Local listings which needs to be addressed and resolved. It may explain why Google has largely remained mum on the subject aside from confirming that it occurred.

You most likely have nothing to worry about with your own local business’s listings, so long as you don’t work in the hotel industry. However, it could have implications about the future of Google+ Local listings. Either the security flaw that allowed this to happen will be fixed, or issues like these could affect other industries on a larger scale.

Considering how important these listings are to Google Maps and Search, a larger attack could be a serious problem for Google.


Social media users around the world have reason to be concerned as nearly two million login credentials have been found online by security researchers this week. The credentials included those for the largest social media platforms including Facebook, Google, Yahoo, LinkedIn, and Twitter.

Researchers from Trustwave’s SpiderLabs division published a blog post reporting what they found online after obtaining the source code of a botnet controller (the software that manages a collection of infected, internet-connected machines) called Pony.

Using that source code, the researchers were able to trace the botnet’s data-stealing activity, and they discovered a massive collection of passwords from many of the biggest websites and social media services. In total 1.58 million website login details were stolen, along with 320,000 email account credentials, 41,000 FTP logins, and 3,000 Remote Desktop credentials.

The researchers believe the attack came from the Netherlands, based on a proxy server there which was operating as an intermediary between infected machines and the botnet’s command-and-control server.

“This technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down. Outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down,” they wrote.

“While this behaviour is interesting in and of itself, it does prevent us from learning more about the targeted countries in this attack, if there were any.”

While they were at it, the researchers took the time to analyze the data and see what the most common passwords were. The results are depressingly unsurprising.

The most used password was the standard 123456 password, with 15,820 accounts using the simple code. The second and third most used passwords were variations on this, with 123456789 and 1234 filling the respective slots. ‘Password’ was the fourth most common password, and 12345 came in fifth. Sadly, it seems many will never learn to start using more difficult passwords.
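The practical takeaway from these numbers for anyone running a login system is to refuse the passwords that dominate every dump. The following Python snippet is an added example (not code from the original post or from Trustwave): it tallies the most common passwords in a constructed, made-up credential list and applies a denylist check seeded with the five passwords named above. The credential data, the denylist contents and the function names are assumptions made for the example.

```python
from collections import Counter

# Constructed sample dump: (username, password) pairs invented for this example.
SAMPLE_CREDENTIALS = [
    ("alice", "123456"), ("bob", "123456"), ("carol", "password"),
    ("dave", "123456789"), ("erin", "1234"), ("frank", "123456"),
    ("grace", "Tr0ub4dor&3"), ("heidi", "12345"), ("ivan", "1234"),
    ("judy", "correct horse battery staple"), ("mallory", "123456789"),
    ("oscar", "Password"),
]

# Denylist seeded with the five most common passwords reported in the post.
# A real deployment would load a much larger breached-password list.
COMMON_PASSWORDS = {"123456", "123456789", "1234", "password", "12345"}


def top_passwords(credentials, n=5):
    """Return the n most frequent passwords as (password, count) pairs."""
    counts = Counter(pw for _, pw in credentials)
    return counts.most_common(n)


def is_weak_password(password, denylist=COMMON_PASSWORDS, min_length=8):
    """Reject passwords on the denylist (case-insensitively), shorter than
    min_length, or made up purely of digits."""
    normalized = password.strip().lower()
    if normalized in denylist:
        return True
    if len(password) < min_length:
        return True
    if normalized.isdigit():
        return True
    return False


def weak_accounts(credentials):
    """List the usernames whose password fails is_weak_password."""
    return [user for user, pw in credentials if is_weak_password(pw)]


def weak_fraction(credentials):
    """Share of accounts in the dump that use a weak password."""
    return len(weak_accounts(credentials)) / len(credentials)


if __name__ == "__main__":
    for pw, count in top_passwords(SAMPLE_CREDENTIALS):
        print(f"{count:4d}  {pw}")
    print("weak accounts:", weak_accounts(SAMPLE_CREDENTIALS))
    print(f"weak fraction: {weak_fraction(SAMPLE_CREDENTIALS):.2f}")
```

The denylist comparison is done on a lowercased copy so that "Password" is caught alongside "password"; the length and all-digits rules catch the numeric sequences that fill the top slots of the dump without having to enumerate every one of them.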

McAfee’s Most Dangerous Celebrities Study results have been released for this year and the news is bad for Harry Potter fans. Emma Watson is the most dangerous celebrity to search for.

The title was held by Heidi Klum last year, but she has dropped off the list. Searching Watson’s name has a 12.6 percent chance of leading to dangerous sites that offer spyware, adware, viruses and all other sorts of dubious content.

Also of note in this year’s list is the lack of men. The entire top ten are female. The only man to appear in the top 20 is Jimmy Kimmel, who was ranked number 13. Last year only two men appeared on the list.

The message is clear; if you’re searching a female celebrity, be careful what you click on.


For more information, read Matt Mcgee’s article at Search Engine Land.

Google made their main site (Google.com) more secure a few months back by adding SSL security to all searches inside of personal accounts. Well now they’re stepping it up a level further and adding SSL search to all of their other sites.

If it’s a priority enough for Google, we may see this start happening across many more sites before too long.

So it seems like some security researchers have found a few new attacks, posted as image links on blogs. These posts are engineered to end up high in Google results, but point to malware sites. It apparently doesn’t work on up-to-date server software, so keeping your updates current is a good idea.

You can get more details here and here.