Beanstalk on Google+ Beanstalk on Facebook Beanstalk on Twitter Beanstalk on LinkedIn Beanstalk on Pinterest
Published On:
SEO articles and blog published on ...
Hear Us On:
Webmaster Radio
Blog Partner Of:
WebProNews Blog Partner
Helping Out:
Carbon balanced.


Beanstalk's Internet Marketing Blog

At Beanstalk Search Engine Optimization we know that knowledge is power. That's the reason we started this Internet marketing blog back in 2005. We know that the better informed our visitors are, the better the decisions they will make for their websites and their online businesses. We hope you enjoy your stay and find the news, tips and ideas contained within this blog useful.

August 20, 2009

Website Related Hackers and Malware Getting Smarter

Any legitimate website owners worst nightmare is to have their website hacked or used as a platform for serving malware (spyware, trojans, keyloggers, packet sniffers, etc). Luckily not only do hacking methods evolve but so does protection and safe guys such as StopBadge and Google’s website warning integration into the result set (actual message displayed under the result is “This site may harm your computer”). But every so often hackers get a little more unique in there tactics.

Today when visting the XXCOPY website (XXCOPY is a utility similar to XCOPY originally by Microsoft that extends the functionality with over 200 functions!) I ran into one of these issues. If you go directly to XXCOPY’s website there is no issue, however if you Google the phrase XXCOPY and then click on the result you may, or may not get one of the “Reported Attack Site!” message in Firefox (Firefox has the best anti Malware detection scripts).

After discovering this issue I called one of the reps at XXCOPY who proceeded to tell me that the issue was purely on my computer (talk about a slap in the face to a hardcore techie), and that he couldn’t replicate the issue so it must not exist. Digging further into the issue I soon realized that I was being redirected intermittently over to kb971657 (dot )info (most likely originally setup so people Google this particular Microsoft Knowledge Base article would land on their website), but not every time. In fact it took me 10 tries at one point to replicate the issue (clicking on the XXCopy SERP result, then clicking back and clicking it again).

By adding this seeming randomness to the malware redirection, as well as detection of referring page (Google in my case) it made it harder for the company to detect as going directly to worked every time. My assumption would be that this Malware is using some sort of form of detection and cloaking. Unlike blackhat cloaking it is hiding content from the search engine, and only showing it when it meets certain conditions (ie the visitors comes from Google or some other website, and then it does some sort of random number check that meets a secondary condition). Hopefully XXCopy gets this issue sorted out.

SEO news blog post by @ 3:23 pm




Level Triple-A conformance icon, W3C-WAI Web Content Accessibility Guidelines 1.0 Valid XHTML 1.0! Valid CSS!
Copyright© 2004-2014
Beanstalk Search Engine Optimization, Inc.
All rights reserved.