Computer crooks now targeting victims through search engines
Susan Kim, Stephanie Graham
Jim McGrath says his computer was recently held for ransom. While he was searching online, his p-c froze, and a warning popped up demanding he "pay $60 for a program to get rid of a virus."
Jim tried for hours to get his computer un-frozen, but it would not function until he paid.
"I felt i was being scammed into buying a virus program that I didn't need because I already had virus programs and I couldn't even run a scan on my own virus program," Jim recalls.
Experts say Jim was hit by a ransom-ware scheme and it's just one way you could be attacked. Cyber crooks are manipulating search engines so their "poisonous" or "tainted" web links pop up in your results, and if you click on the malicious link, malware or viruses can invade your computer.
Chris Larsen is with Blue Coat Security. He says, "You will be infected and you won't even know it."
Blue Coat's computer security's analysis found "search engine poisoning" attacks mounting. Now computer users are three times more likely to get a tainted link from a search engine than in an email.
"People do trust the search engines and they are predisposed to click on whatever they see in the results, and because they're not aware it could be dangerous this turns out to be a very effective attack for the bad guys," Larsen warns.
Blue coat found bad guys don't only target people searching for top news stories or adult content.
They may try to lure you to their links while you search common topics like:
*health and medical information
*samples of business and professional letters
*seasonal searches, like holiday recipes, decorations and costume ideas.
The search engine industry group semp says web sites do fight back. Chris Boggs explains, "Search engine algorithms have been designed partially to prevent cyber criminals from doing this kind of behavior."
"We've built and refined tools over many years to keep malicious content out of our search results."
"We are actively working on new filtering techniques for image search where the majority of these malicious links were found."
Unfortunately sometimes cyber criminals sneak past even tough search engine security, but to avoid poison links, look at web site address endings. Experts say "dot-com's" and "dot-net's" are usually safe. But if it ends in something you've never heard of, like "dot cx" or "dot tf" you may want to avoid those. If the text under the link looks garbled don't click on it.
Jim isn't sure what he clicked on to launch the ransom ware. He removed the software from his PC, but wonders if it's still lurking behind the scenes. "I worry that they still may have access to my computer."
Experts say if a link "just doesn't seem right" don't click on it. Teach your kids about how to avoid poisonous links when the search, and of course, always make sure you have good, up to date anti virus and malware programs running on your computer.