Beware of "Google Poisoning"

#1
http://redtape.msnbc.com/2007/12/virus-experts-w.html


You might want to take an extra half-second the next time you click on search engine results to make sure you know where you're going. Computer criminals have refined a sinister technique for tricking Web surfers into clicking on infected Web pages, turning search engines like Google into unwitting partners.

It's known as “Google poisoning,” because Google is the biggest target, but it can impact any search engine. Criminals construct booby-trapped Web pages, then dupe search engines into giving them high rankings.

Last week, security research firm Sunbelt Software found that a simple search for something like "funny dog picture" on Google directed searchers to Web sites hosted on Chinese domains. Those who clicked on the links were pushed to install a malicious program named "Spy-shredder."



FYI: Almost 90% of the malicious traffic hitting our server DMZ comes from China. They are working towards getting themselves blacklisted as a country from the internet if you ask me.
 
#2
ghost_us said:
FYI: Almost 90% of the malicious traffic hitting our server DMZ comes from China. They are working towards getting themselves blacklisted as a country from the internet if you ask me.
As no single organisation controls the Internet, in what way can a country be blacklisted?

It would have to be a change brought about by some kind of coalition of organisations, but with 1 in 3 of the Earth's population considering themselves Chinese, it may not go down too well!
 
#3
ghost_us said:
FYI: Almost 90% of the malicious traffic hitting our server DMZ comes from China. They are working towards getting themselves blacklisted as a country from the internet if you ask me.
They're also working towards a system of internet usage which works off Chinese simplified characters. Very few people in PRC can read Latin script and even fewer Westerners are proficient in simplified script, so it's a great method of a) opening up web use to the masses and b) controlling what they see when they get there.

Of course, a side benefit is they won't be reliant on the west for internet provision, even assuming one government could ever 'blacklist' them.
 
#5
RFUK said:
ghost_us said:
FYI: Almost 90% of the malicious traffic hitting our server DMZ comes from China. They are working towards getting themselves blacklisted as a country from the internet if you ask me.
As no single organisation controls the Internet, in what way can a country be blacklisted?

It would have to be a change brought about by some kind of coalition of organisations, but with 1 in 3 of the Earth's population considering themselves Chinese, it may not go down too well!
The Chinese seem to have found a way to restrict who can see what on the internet, shouldn't be impossible to return the favour?
 
#6
I've got McAfee SiteAdvisor. It gives a red or green flag on all my search results.

Not a bad tool at all, and it's free!
 
#8
I've got ZoneAlarm firewall - won't let anyone in or out I don't want
- and AVG anti-virus that updates twice a week - fcuk 'em!

Like some said earlier, a bit of common, and if in doubt bug out of the site and try again somewhere else.
Pictures (JPEGs) and music files are the most corrupt and have little nasties attached...
I get the MP3s from Limewire (free) and have had no trouble so far
 
#9
Feh. Just drop the entire APNIC range into the firewall filter and voila! - lossless compression of teh Interweb.
 
#10
dogmeat said:
Feh. Just drop the entire APNIC range into the firewall filter and voila! - lossless compression of teh Interweb.
I'm fairly certain that Korea has quite a bit on some of their major nodes.
 
#11
RFUK said:
ghost_us said:
FYI: Almost 90% of the malicious traffic hitting our server DMZ comes from China. They are working towards getting themselves blacklisted as a country from the internet if you ask me.
As no single organisation controls the Internet, in what way can a country be blacklisted?

It would have to be a change brought about by some kind of coalition of organisations, but with 1 in 3 of the Earth's population considering themselves Chinese, it may not go down too well!
Countries blacklisted... yes. Sort of. Origin ranges getting filtered by major network nodes... definitely. If they get on enough of them, either the route becomes too long to get to the destination or one doesn't get found.

If you piss off enough providers you won't get out of your own backyard and you'll be stuck with a giant intranet. Maybe that will suit some Chinese but their online direct sales would suffer a bit.

I'd have to find other sites to buy my RC helicopter parts :/
 
#12
ghost_us said:
Countries blacklisted... yes. Sort of. Origin ranges getting filtered by major network nodes... definitely. If they get on enough of them, either the route becomes too long to get to the destination or one doesn't get found.

If you urine off enough providers you won't get out of your own backyard and you'll be stuck with a giant intranet. Maybe that will suit some Chinese but their online direct sales would suffer a bit.

I'd have to find other sites to buy my RC helicopter parts :/
Because it's not as if Google, Yahoo, etc. do any business over there. :roll: The demand for access to the Chinese market is enormous - anybody who tries blacklisting them will be far more likely to find themselves cut out of the loop as alternate means are found - how many money-men d'you think would put themselves in that position?

End of the day, it's always been a race between hackers/spammers and techno-wibblers to keep the wheels turning. This isn't anything new.
 
#13
smartascarrots said:
ghost_us said:
Countries blacklisted... yes. Sort of. Origin ranges getting filtered by major network nodes... definitely. If they get on enough of them, either the route becomes too long to get to the destination or one doesn't get found.

If you urine off enough providers you won't get out of your own backyard and you'll be stuck with a giant intranet. Maybe that will suit some Chinese but their online direct sales would suffer a bit.

I'd have to find other sites to buy my RC helicopter parts :/
Because it's not as if Google, Yahoo, etc. do any business over there. :roll: The demand for access to the Chinese market is enormous - anybody who tries blacklisting them will be far more likely to find themselves cut out of the loop as alternate means are found - how many money-men d'you think would put themselves in that position?

End of the day, it's always been a race between hackers/spammers and techno-wibblers to keep the wheels turning. This isn't anything new.
Google, Yahoo, and those groups don't really have much of a say, directly, but financially perhaps. Companies like AT&T and various other telecoms, as well as major universities, really hold the keys... not really Google.

I stated it as possible, not practical. A lot of companies, especially online gaming, in South Korea have locked out entire Chinese ranges. I know this for a fact. The only Chinese getting in were the ones proxying from the US.
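Posts #9 and #13 both describe dropping whole source ranges (an RIR allocation, or "entire Chinese ranges") at the firewall, and #13 names the obvious bypass: traffic proxied through an unblocked country walks straight through. The Python below is an added example, not code from the thread or from any product mentioned in it. It pulls source addresses from a handful of constructed web-log lines, matches them against a constructed prefix list (RFC 5737 and RFC 3849 documentation ranges standing in for real allocations), reports the share of requests the filter would drop, and renders the list as nftables rules; the `inet filter` table and `input` chain in those rules are assumed to already exist.

```python
"""Added example: source-prefix (country-range) filtering over sample logs.

All prefixes and log lines here are constructed for illustration; the
prefixes are documentation ranges (RFC 5737 / RFC 3849), not real APNIC
or Chinese allocations.
"""
import ipaddress
import re

# Constructed blocklist standing in for "the entire APNIC range" of post #9.
BLOCKED_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),    # TEST-NET-3
    ipaddress.ip_network("198.51.100.0/24"),   # TEST-NET-2
    ipaddress.ip_network("2001:db8:ab::/48"),  # IPv6 documentation prefix
]

# Constructed access-log lines (common log format). 192.0.2.10 plays the
# role of the unblocked proxy that post #13 says users came in through.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2007:09:12:01 +0000] "GET /wp-login.php HTTP/1.0" 404 512
198.51.100.22 - - [10/Dec/2007:09:12:03 +0000] "GET /funny-dog-picture HTTP/1.0" 200 9211
192.0.2.10 - - [10/Dec/2007:09:12:05 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.77 - - [10/Dec/2007:09:12:07 +0000] "POST /admin HTTP/1.0" 403 0
2001:db8:ab::5 - - [10/Dec/2007:09:12:09 +0000] "GET /robots.txt HTTP/1.1" 200 77
not a log line at all
"""

# The source address is the first whitespace-delimited field of the line.
LEADING_FIELD = re.compile(r"^(\S+)\s")


def is_blocked(ip_str, prefixes=BLOCKED_PREFIXES):
    """True when the address lies in any blocked prefix.

    Anything that is not a valid IPv4/IPv6 address is treated as not
    blocked, so garbage in a log never silently counts as a hit."""
    try:
        addr = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(addr in net for net in prefixes)


def classify_log(log_text, prefixes=BLOCKED_PREFIXES):
    """Tally how many requests the prefix filter would drop versus pass.

    Lines whose first field is not an IP address are counted as unparsed."""
    result = {"blocked": 0, "allowed": 0, "unparsed": 0, "blocked_ips": []}
    for line in log_text.splitlines():
        m = LEADING_FIELD.match(line)
        field = m.group(1) if m else ""
        try:
            ipaddress.ip_address(field)
        except ValueError:
            result["unparsed"] += 1
            continue
        if is_blocked(field, prefixes):
            result["blocked"] += 1
            result["blocked_ips"].append(field)
        else:
            result["allowed"] += 1
    return result


def blocked_share(result):
    """Fraction of parsable requests the filter would have dropped (the kind
    of figure behind a claim like "almost 90% of malicious traffic is from X")."""
    total = result["blocked"] + result["allowed"]
    return result["blocked"] / total if total else 0.0


def nft_rules(prefixes=BLOCKED_PREFIXES, table="inet filter", chain="input"):
    """Render the prefix list as nftables drop rules, one per prefix.

    Assumes the table and chain already exist; they are not created here."""
    rules = []
    for net in prefixes:
        family = "ip" if net.version == 4 else "ip6"
        rules.append(f"nft add rule {table} {chain} {family} saddr {net} drop")
    return rules


if __name__ == "__main__":
    summary = classify_log(SAMPLE_LOG)
    print(f"dropped {summary['blocked']}, passed {summary['allowed']}, "
          f"unparsed {summary['unparsed']} ({blocked_share(summary):.0%} dropped)")
    print("\n".join(nft_rules()))
```

On the sample data four of five parsable requests are dropped. The one that passes, from 192.0.2.10, is exactly the proxy case from #13: a source-prefix filter only ever sees the last hop, so a blocklist of this kind measures where packets arrive from, not who sent them, and per-country percentages computed the same way carry the same caveat.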
 
#14
ghost_us said:
Google, Yahoo, and those groups don't really have much of a say, directly, but financially perhaps. Companies like AT&T and various other telecoms, as well as major universities, really hold the keys... not really Google.

I stated it as possible, not practical. A lot of companies, especially online gaming, in South Korea have locked out entire Chinese ranges. I know this for a fact. The only Chinese getting in were the ones proxying from the US.
But Google and Yahoo are the ones doing internet business in PRC. If AT&T et al. were to cut off comms to China, do you think they'd shrug and say "Oh, well, it was nice while it lasted"? Or would they find someone else to provide the comms and keep the money flowing in?

Ironically, the most likely candidate is the Taiwanese telecoms company Chungwa. Money talks and they've got substantial investments in PRC already, as well as wider Asia, Europe and US. The Japanese aren't likely to pass up the opportunity, either. The west isn't the only game in town, anymore.

As to major Universities holding the keys, I'd refer you to the earlier comment about a system based on hanzi rather than latin characters.
 
#15
smartascarrots said:
ghost_us said:
Google, Yahoo, and those groups don't really have much of a say, directly, but financially perhaps. Companies like AT&T and various other telecoms, as well as major universities, really hold the keys... not really Google.

I stated it as possible, not practical. A lot of companies, especially online gaming, in South Korea have locked out entire Chinese ranges. I know this for a fact. The only Chinese getting in were the ones proxying from the US.
But Google and Yahoo are the ones doing internet business in PRC. If AT&T et al. were to cut off comms to China, do you think they'd shrug and say "Oh, well, it was nice while it lasted"? Or would they find someone else to provide the comms and keep the money flowing in?

Ironically, the most likely candidate is the Taiwanese telecoms company Chungwa. Money talks and they've got substantial investments in PRC already, as well as wider Asia, Europe and US. The Japanese aren't likely to pass up the opportunity, either. The west isn't the only game in town, anymore.

As to major Universities holding the keys, I'd refer you to the earlier comment about a system based on hanzi rather than latin characters.

The internet doesn't belong to any corporation in any sense. The internet runs off 13 Internet Root servers based across the world, with 6 in the hands of agencies such as NASA, ISC, US Army, US DoD, DISA and USC-ISI. These root servers are high-level Domain Name Servers. In the simplest terms, these servers know where other servers are, and how to get to them. Without the Internet Root servers the internet breaks up into chunks. Quite simply, if the requesting server cannot get the location of the server that it needs to talk to, then it doesn't talk to that server. Which means, to you and me, that our attempt to check our emails wouldn't happen, that our attempt to log onto our Internet Bank account doesn't happen, that our search for porn doesn't happen. So, in theory and in practice, a given range of IP addresses could be locked out at the Internet Root Servers. Which would take 48 hours to affect the actual DNS servers that the internet uses every time someone puts a URL into the address box at the top.

The Telecomms Companies would have to set up their own Internet Root Servers that would be allowed onto the Internet Backbone, which may very well not happen, simply because the owners of the Internet Root Servers might decide that the offending source is permanently locked out of the World Wide Web. The owners of the Internet Root Servers are beholden to no one and under no corporation's control. So, if their techies are unhappy about a location, then no one can stop them from blocking it as they wish.

To date a number of attacks on the Internet Root Servers have been recorded. So far, every single offending server has been denied entry to the internet by address denial at the MAC level. (MAC is a fixed address on the network card)
 
#16
Kitmarlowe said:
To date a number of attacks on the Internet Root Servers have been recorded. So far, every single offending server has been denied entry to the internet by address denial at the MAC level. (MAC is a fixed address on the network card)

MAC addresses can be spoofed! Thankfully it's not easy!
 
#17
VerminWA said:
Kitmarlowe said:
To date a number of attacks on the Internet Root Servers have been recorded. So far, every single offending server has been denied entry to the internet by address denial at the MAC level. (MAC is a fixed address on the network card)

MAC addresses can be spoofed! Thankfully it's not easy!
Actually it's quite simple; some SOHO routers have MAC spoofing capabilities. Very useful if your internet provider authenticates its users via MAC.
 
#18
jinxy said:
VerminWA said:
Kitmarlowe said:
To date a number of attacks on the Internet Root Servers have been recorded. So far, every single offending server has been denied entry to the internet by address denial at the MAC level. (MAC is a fixed address on the network card)

MAC addresses can be spoofed! Thankfully it's not easy!
Actually it's quite simple; some SOHO routers have MAC spoofing capabilities. Very useful if your internet provider authenticates its users via MAC.
Oh yes. MAC addresses can be spoofed, no problem. At a single user level that's not a drama; it wouldn't affect your connection to the internet, since your connection is effectively renewed at preset intervals dependent upon your ISP.
However, certain nodes in any internet cannot keep changing MAC and IP addresses. They have to be static, fixed and constant. All bridges, routers, brouters, and gateways in any network have to have fixed addresses; all DNS servers have to have fixed addresses. Routing in the internet is dependent upon this fact, as a request to access a particular website needs to know the address that website is on, and how to get there. These are known as route tables.

It's like knowing that to get to Leeds from London, you drive up the M1, and if you want to get to Sheffield, you turn off at Junction 34. Imagine that journey if the route kept changing: you set off, and it turns out after an hour you needed to be on the M11, then the M40, then the M4.

To reset this route table, you can force an update, or wait for the preset polling that is carried out to check that all the listed nodes are still present and the listed routes still work.

MAC spoofing would either stand out in logs as updates are forced, or have to wait, possibly up to 48 hours. Areas that force too many updates would be regarded with concern. It is possible to actually ID the server forcing updates, looking at software serial codes, forcing checks of the MAC address burnt into the network card, and a number of other tricks. Pretty much all spoofed or faked addresses can be forced to ID the true source.
 
#20
Kitmarlowe said:
The internet doesn't belong to any corporation in any sense. The internet runs off 13 Internet Root servers based across the world, with 6 in the hands of agencies such as NASA, ISC, US Army, US DoD, DISA and USC-ISI. These root servers are high-level Domain Name Servers. In the simplest terms, these servers know where other servers are, and how to get to them. Without the Internet Root servers the internet breaks up into chunks. Quite simply, if the requesting server cannot get the location of the server that it needs to talk to, then it doesn't talk to that server. Which means, to you and me, that our attempt to check our emails wouldn't happen, that our attempt to log onto our Internet Bank account doesn't happen, that our search for porn doesn't happen. So, in theory and in practice, a given range of IP addresses could be locked out at the Internet Root Servers. Which would take 48 hours to affect the actual DNS servers that the internet uses every time someone puts a URL into the address box at the top.

The Telecomms Companies would have to set up their own Internet Root Servers that would be allowed onto the Internet Backbone, which may very well not happen, simply because the owners of the Internet Root Servers might decide that the offending source is permanently locked out of the World Wide Web. The owners of the Internet Root Servers are beholden to no one and under no corporation's control. So, if their techies are unhappy about a location, then no one can stop them from blocking it as they wish.

To date a number of attacks on the Internet Root Servers have been recorded. So far, every single offending server has been denied entry to the internet by address denial at the MAC level. (MAC is a fixed address on the network card)
Which all goes to say that if the current set up stops people doing business, they'll find a way that will allow them. Call me a cynic, but I doubt there's anything the techies can do to stop companies doing business where there's a profit. If there's enough money to be made (and in China there most definitely is) an alternate means will be found, even if that means setting up an alternate internet.
 