Malicious parties are known to deliver what the unsuspecting and unaware end user is searching for, by persistently innovating at the infection vector level in order to serve malware or redirect to live exploit URLs in an internal ecosystem that not even a search engine's crawlers would bother crawling. What's the trick in here? Using image files as bites to malware binaries, and acquiring traffic by generating fake directory indexes with hundreds of thousands of popular or segment specific keywords in the filenames, while attempting to trick the impulsive leecher by forcing a direct loading of anything malicious? Creative, at least according to someone who's released such a fake directory listing, and is what looks like planning to come up with an automated approach for doing this.
Inside a non-malicious download.php file :
$file = "sexy.gif"; header("Content-type: application/force-download"); header("Content-Transfer-Encoding: Binary"); header("Content-Disposition: attachment; filename=\"".basename($file)."\""); readfile("$file"); ?>
Spammers, phishers, malware authors, and of course, black hat search engine optimizers, are known to have been using technique for enforcing downloads, loading live exploit URls, or plain simple redirection to a place where the malicious magic happens.
A fake directory listing of images, where the images themselves load image files of the icon to make themselves look like images - trying saying this again, and consider this attack tactic as SEO 1.0, where the 2.0 stage has long embraced GUIs and all-in-one anti-doorway detection techniques for blackhat SEO-ers to take advantage of.
No comments:
Post a Comment