Friday, May 21, 2010

More Blackhat SEO stuff

I've been investigating Blackhat SEO attacks lately. I find these to be on the rise and I reckon they must be quite effective at directing traffic to the bad guys' sites. Most of the bad sites I find end up pointing the visitor's browser to a fake antivirus download site to try and scam the user.

Some others aren't quite so obvious. There's this PHP script being downloaded onto PHP-enabled servers that I find quite interesting. This trend.php accepts any combination of words as parameters and then it googles them and creates a mish-mash of a page with related pictures and other information, which at first glance might be legitimate. This is an example of the script when called with the words "trend micro":



As you see, the HTML layout is decent so that a casual observer might think this is a real page with information and there is no malicious redirection after all. So what is this and what is it being used for? What does the bad guy gain by compromising web sites and uploading this script onto them?

I can only think of the following:

These pages are not meant to be seen by human eyes. They have been created to be crawled by search engine bots and look legitimate to them. The authors of the script want it to be positioned highly on Google.

These pages contain a very high number of links to other similar pages on other domains. When one of them scores high on Google with the set of terms they contain, all the pages in their "SEO ring" will do too. Once they reach a very high score, I'm guessing that the bad guys will add the redirection payload into the page. In the meantime, they're sleepers, behaving nicely in front of the Google bot.

Since they're not dangerous at the moment, I'm not blurring out URLs. If you want to take a look at these, just google "inurl:images/trend.php" (by the way, there's no relation between the script name and the company name, it's just coincidence).
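For site owners who want to check their own pages for this pattern, here is a small detection sketch. It is an added example, not code from the original post or from the script itself. It flags a page that links to its own script name (such as images/trend.php) on several other domains. The `q` parameter, the `*.example` hosts and the threshold of three hosts are assumptions made for illustration.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def ring_links(page_url, html):
    """Return (link count, foreign hosts that serve the same script name)."""
    own = urlsplit(page_url)
    script = posixpath.basename(own.path).lower()
    collector = LinkCollector()
    collector.feed(html)
    foreign_hosts = set()
    for href in collector.hrefs:
        target = urlsplit(urljoin(page_url, href))
        if target.scheme not in ("http", "https") or not target.hostname:
            continue
        # An empty script name (URL ending in "/") never counts as a match.
        same_script = script and posixpath.basename(target.path).lower() == script
        if same_script and target.hostname != own.hostname:
            foreign_hosts.add(target.hostname)
    return len(collector.hrefs), foreign_hosts

def looks_like_doorway(page_url, html, min_hosts=3):
    """Flag a page that links to its own script name on several other domains."""
    return len(ring_links(page_url, html)[1]) >= min_hosts

# Constructed sample: the *.example hosts, the q parameter and the markup are invented.
SAMPLE_URL = "http://victim.example/images/trend.php?q=trend+micro"
SAMPLE_HTML = """<html><body><h1>trend micro</h1>
<a href="http://a.example/images/trend.php?q=cheap+flights">cheap flights</a>
<a href="http://b.example/images/trend.php?q=free+ringtones">free ringtones</a>
<a href="http://c.example/images/trend.php?q=trend+micro">trend micro</a>
<a href="/images/trend.php?q=more">more</a>
<a href="http://news.example/story.html">story</a>
</body></html>"""

if __name__ == "__main__":
    total, hosts = ring_links(SAMPLE_URL, SAMPLE_HTML)
    print(total, sorted(hosts), looks_like_doorway(SAMPLE_URL, SAMPLE_HTML))
```

Links back to the same host and links to ordinary pages on other hosts are ignored, so a normal site with a few outbound links is not flagged.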

Comments? Ideas? Let me know.
