Security Advisor

Hackers Overload Search Results with Porn

A search engine optimization tactic is believed the cause of skewed Internet search results. Plus: Google+ gets slammed by spam; Secure Pocket Drive allows for safe PC repair of systems infested with malware.

• By Jabulani Leffall
• 07/11/2011

No need to even insert a pun here when the result of one's Internet search results in links to porn -- especially when they didn't search for porn.

This is exactly what happened over the weekend to Microsoft's Safety and Security Center.

Redmond disabled the search tool on that site only to restore it on Monday afternoon after it discovered the site's search field was victim to search engine optimization (SE0) tactics by hackers to rank results with malicious sites and code higher than they otherwise would be.

In this case, routine searches using such benign words as "streaming" led users to porn sites -- some of which were equipped with Trojan viruses and other nasty bugs.

Alex Eckelberry, the general manager of GFI Software's security group and the CEO of Sunbelt Software last week came up with the theory that the Microsoft site had been inadvertently saving searches after allowing users to forward search results and queries via Twitter and other social media sites.

Eckelberry believes hackers simply overloaded the search field with subtle and seemingly ambiguous terms such as "girl" and not so subtle terms such as "sex" to create an overload of saved searches that scrambled rankings and led to nefarious results.

For its part, Microsoft has confirmed the search poisoning and apologized to users but didn't go into further details on the porn "pwning," by anonymous hackers.

Google+ Service Hits First Big Security Issue
Search giant Google is being called savvy by some and presumptuous by others for ramping up a new social media service similar to Facebook. Google+ unifies Gmail and Android phone users and their friends, acquaintances, members of circles and other cadres of individuals throughout cyberspace in a central social environment.

Google, however, maybe didn't anticipate that the ongoing trend of hackers proliferating on and migrating to social media destinations would hit home so quick...particularly through spam.

Such spam shut down Google+ over the weekend with an overload of incoming messages. While not a breach, the denial of service causing spam had Vic Gundotra, a Google senior vice president of engineering simply saying "Yikes," in a blog post.

"Please accept our apologies for the spam we caused this afternoon. For about 80 minutes we ran out of disk space on the service that keeps track of notifications," he wrote. "Hence our system continued to try sending notifications. Over, and over again. Yikes."

Yikes, indeed. Security Watch recently cited Symantec research saying that the volume of spam is as high as it has ever been on social media sites.

Banking Panel Lauds Security Device
The Federal Financial Institutions Examination Council this week called the Secure Pocket Drive from IT security firm Spyrus the "gold standard," in preventing the use of fraud through USB devices.

This new endorsement has relevance for Windows IT pros working within or in tandem with financial institutions, specifically in the wake of large scale attacks on institutions such as Citigroup.

How it works is that the pocket-sized drive, similar in size to the standard flash drive, is able to boot a Windows PC directly into a fast, native, Windows Embedded Standard 7 operating system contained within the drive itself.

According to the company, since the Windows OS running on the pocket drive doesn't directly access the host PC's hard drive, "there is no chance of cross-contamination with the environment that is uses every day."

The drive creates a thin-client Windows OS environment that can run safely even if the host PC is infected with malware.