As a result, more than 101,000 Google search results that appeared to lead to pages of legitimate sites actually directed end users to sites that attempted to install malware.

The hack, which was first documented Wednesday by Netherlands-based researcher Dancho Danchev, takes advantage of the practice by many sites of logging search queries typed into their search boxes and storing them where search engine bots can see them. The terms are then indexed by Google and other search engines and included in the results they return. Exploiting the weakness is as easy as typing popular search terms into a popular website along with the text of an IFRAME that points to a malicious website. Within time, the strings will be included in results returned by Google and others.

Posted by Sean Cannon in Adware, Spyware and Trojans at 17:42

DSL Reports has a thread on it, and on Tuesday Symantec posted a heads up. MonaRonaDona (MRD), a new bit of Malware that is pure social engineering, is showing up on computers with annoying messages and taunts. It then leads users to download a program, obviously written by MRD’s authors, to remove it.

“We have analyzed samples of Malware that is calling itself 'MonaRonaDona', and is creating a buzz on Internet forums. In a nutshell, it seems the sole purpose of the Malware is to prompt the user to enter the term "MonaRonaDona" into a search engine,” Symantec’s Security Response blog says.

Posted by Sean Cannon in Adware, Spyware and Trojans at 10:10