Every week 57,000 fake Web addresses try to infect users

Every week, hackers are creating 57,000 new Web addresses which they position and index on leading search engines in the hope that unwary users will click them by mistake.

Those who do, will see their computers infected or any data they enter on these pages fall into the hands of criminals. To do this, they use an average of 375 company brands and names of private institutions from all over the world, all of them instantly recognizable.

eBay, Western Union and Visa top the rankings of the most frequently used keywords; followed by Amazon, Bank of America, Paypal and the US revenue service.

These are the conclusions of a study carried out by PandaLabs, which has monitored and analyzed the major blackhat SEO attacks of the last three months.

Some 65% of these fake websites are positioned as belonging to banks. For the most part, they pose as banks in order to steal users’ login credentials. Online stores and auction sites are also popular (27%), with eBay the most widely used.

Other financial institutions (such as investment funds or stockbrokers) and government organizations occupy the following positions, with 2.3% and 1.9% respectively. The latter is largely accounted for by the US revenue service or other tax collecting agencies.

Payment platforms, led by Paypal, and ISPs are in fifth and sixth place, while gaming sites – topped by World of Warcraft- complete the ranking.

Just as in previous years malware or phishing was typically distributed via email, in 2009 and particularly this year, hackers have opted for BHSEO techniques, which involves creating fake websites using the names of famous brands, etc.

This way, when users search for these names, a link to the malicious website will appear among the first results returned. When they visit these sites, one of two things will happen: either malware will be downloaded onto the user’s computer, with or without their knowledge, or the website spoofs the appearance of a genuine page, a bank say, and users will unwittingly enter their details which will fall into the hands of criminals.