Cyber criminals exploit Japan earthquake with SEO attacks

11 Mar 2011

Conniving cyber criminals are taking advantage of the 8.9-magnitude earthquake in Japan and resulting tsunami in the Pacific region to lure concerned internet users into blackhat SEO traps.

Blackhat SEO attacks lure internet users to pages that suddenly infect their computers with viruses and malware. Major security software vendors are warning that SEO Blackhat hackers are exploiting the catastrophe in Japan to infect users’ computers with malware for their own financial gains.

“We immediately monitored for any active attacks as soon as news broke out, and true enough we saw web pages inserted with key words related to the earthquake,” said Trend Micro response engineer Norman Ingal.

Future Human

“One of the active sites that we saw used the keyword ‘most recent earthquake in Japan’ and led to FAKEAV variants we currently detect as MalFakeAV-25.

“Blackhat SEO leading to rogue antivirus is still very much a common web attack. We recommend that readers get the latest news from trusted media outlets to prevent being victimised by this blackhat SEO,” Ingal said.

Blackhat SEO attackers in it for financial gain

Urban Schrott of ESET said the earthquake and tsunami damage is being abused online by people with no conscience and who take advantage of catastrophes to make financial gain for themselves.

“With every major natural disaster in the past, be it Indian Ocean tsunamis, Hurricane Katrina, the Haiti earthquake, the recent Christchurch earthquake, several waves of fraud have appeared.”

Schrott said there were three areas of cyber attack and scam to avoid:

‘Shocking news’ or ‘shocking video’ malicious spam – Sent either by email or through links in social media, such as Facebook or Twitter, it promises to show some specific footage or reveal some more news about the disaster. Clicking on it can have several consequences, from propagating more spam, to getting infected with malware.

Search engine optimisation poisoning – Since cyber criminals know people will use search engines to look for news on the topic, they will fill their malicious sites with buzzwords, such as ‘Japanese earthquake’, ‘tsunamis’, etc, to lure visitors to their sites, where they can get infected with drive-by malware.

Charity and relief scams – After the initial shock passes, many charity scams spring up, preying on people’s nobility and willingness to help those in need.

Schrott also urged internet users following the events to follow only known news sites for news on the disaster and to send charity contributions to well-known and trusted charitable organisations.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years