August 10, 2012

London Olympics Search Results Lead to Objectionable Sites

Elisabeth Olsen

We’ve previously blogged about Olympic ticket scamsphishingmalware designed to propagate through social networking, and other Olympic security concerns.  

We also know that hackers take advantage of people searching for breaking news and trending topics about the Olympics through various SEO poisoning techniques. When Georgian luger Nodar Kumaritashvilii died in a tragic training accident just before the Vancouver Olympics in 2010, multiple malware pages quickly appeared in the top search results. Clicking these links led to pages that included pop-up warnings telling the user to click a button to view a video or to clean up computer problems. Of course, clicking led to malware attacks. 

SEO poisoning remains a problem, but Google seems to have a better handle on it where searches related to the London Olympics are concerned, at least in English. When we started using Russian search terms, however, things deteriorated quickly. Using the Russian translation for "watch 2012 Olympics online", we did a Google search and clicked on the second item:  


While the domain itself is correctly categorized as sports, it's clear some objectionable content is popping up in the ads: 


In addition, clicking on the page redirects to various questionable places, including information on how to control men: 


In another investigation, Websense® researchers analyzed Twitter traffic based on popular Olympics-related terms, events, and athletes starting two days before the Opening Ceremony through August 8th. Not surprisingly, traffic peaked on the day the Games opened, and three days later when Olympians Tom Daley, Michael Phelps, Ruta Meilutyte, and Maria Sharapova topped the Google trends.



Looking more closely at the data, we found that a handful of Twitter feeds from certain athletes and teams were posting shortened URLs which redirected to Objectionable or Security categories, including Malicious Web Sites and Malicious Embedded Link:


We took a sample set of 3600 of these, unshortened them, and analyzed the category breakdown: 

Websense customers are protected from these threats by our Advanced Classification Engine™ (ACE). 

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.