Crime breaks barriers

Crime on the internet pays. Or so it seems. A recent study by Trend Micro reveals that Google Trends, a public web facility of Google that shows how often a particular search term is entered relative to the total search volume, has been used by cyber criminals to find the most popular search terms. They then use these terms to point to links to their malicious sites, allowing them to victimise more people. Clearly, cyber crooks seem to be keeping up with the most recent technological advancements, using newly released applications to profit as much as possible.

Apart from poisoning the top search results, cyber criminals have been found to use GeoIP tracking as a social engineering tactic. This helps the bad guys to identify the geographical location of an internet-connected computer, mobile device, or website visitor. Geolocation data can include information such as country, region, city, postal/zip code, latitude, longitude and time zone.

Using geolocation data, cyber criminals can customise spammed emails and URLs to fool users into thinking that these are from non-malicious sources. This increases the possibility of malicious emails spreading, as unsuspecting users click on these links.

Says Abhinav Karnwal, product marketing manager, Apec Trend Micro: “Malicious websites are making around $10,000 every day. It all starts with a pop-up showing a problem in your computer. The user would go to the internet and look for an anti-virus (AV) software. These malicious sites feign the look and feel of an authentic anti-virus company. The site would run a scan on your computer and show multiple errors, which don’t actually exist in reality. It would ask the user to pay a certain amount and download the AV file. After payment, the fake AV programme would indicate that your computer is free from errors, which never existed anyway.”

MaxMind, founded in 2002, is a leading provider of geolocation and online fraud detection tools through its GeoIP brand. By accurately locating internet customers and visitors (country, geographic region, granular detail of city in real-time), MaxMind gives online businesses (it has 2,000 clients) a valuable marketing tool as well as the ability to customise their websites to better serve clients. Unfortunately, criminals have the same idea, only they serve their own interests.

Says Edward Lin, business development manager of MaxMind, “MaxMind does not condone the use of its products to harm or mislead others. There are usage restrictions within the end user licence agreement that allow the data to be used for commercial applications such as localising content, web log analytics, and fraud prevention.” But he knows that the programme is prone to misuse.

“Unfortunately, some users use our geolocation technology in a malicious manner and that is not something we can directly control. It is not commercially feasible to track and verify the usage for the tens of thousands of organisations that take advantage of our paid and free offerings. When usage violations come to our attention, we take reasonable measures to prevent access of our data to violators.”

So how can an internet user differentiate between an original and a malicious website? According to Websense Security Lab’s UK team, “Web threats are becoming more invasive, inventive and abundant than ever before with attack volumes surging to new heights. As cyber criminals become increasingly sophisticated and use the Web as their number one attack vector, it can often be difficult for businesses and employees to differentiate between the good and bad.”

The team says, “Although ‘classic’ techniques are relatively well-known, cyber criminals are becoming cleverer. Users need to be educated to stop clicking on links in emails from unknown senders. If it is sent from a friend or colleague, it should be double-checked with the sender. Users should always be suspicious of any site with an unknown domain that contains the name of a well-known site in the latter part of the web address.”
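
The last piece of advice above, checking whether a well-known site's name appears in an address that actually belongs to some other domain, can be automated. The following is an added example, not part of the original article or of any Websense tool; the list of known sites, the sample URLs and the simplified registrable-domain logic are constructed assumptions (a production check would use the Public Suffix List).

```python
from urllib.parse import urlsplit

# Constructed allow-list of well-known sites (assumption for this example).
KNOWN_SITES = {"paypal.com", "google.com", "trendmicro.com"}
# Simplification: a real implementation would consult the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "co.in", "com.au"}


def registrable_domain(host):
    """Approximate the registrable domain (the part someone actually owns)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def find_lookalike(url):
    """Return (known_site, where) when a known site's name appears in a URL
    whose real domain is a different one; return None otherwise."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    if domain in KNOWN_SITES:
        return None  # the page really is hosted on the known site
    subdomains = host[: len(host) - len(domain)].rstrip(".")
    tail = (parts.path + "?" + parts.query).lower()
    for site in sorted(KNOWN_SITES):
        brand = site.split(".")[0]
        if site in tail:          # e.g. evil.example/paypal.com/login
            return (site, "path")
        if brand in subdomains:   # e.g. paypal.com.evil.example
            return (site, "subdomain")
        if brand in domain:       # e.g. paypal-secure.example
            return (site, "domain")
    return None


# Constructed sample URLs using reserved example domains.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "http://login.example.net/paypal.com/verify",
    "http://paypal.com.account-check.example.org/",
    "http://trendmicro-scan.example/free-scan",
    "https://news.example.com/article?id=7",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", find_lookalike(u))
```
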

The biggest threat now facing users may no longer be phishing—or accessing passwords. At least three quarters of malicious content is contained in legitimate sites. Research by Websense found that almost 70 per cent of the top 100 most popular websites either hosted malicious content or contained a ‘masked redirect’ to lure unsuspecting victims from legitimate sites to malicious sites.

“In essence, the only way to be secure against the threat landscape is to ensure that a powerful security solution is in place which can provide real-time protection,” the UK team said. It is still a cops and robbers game. And there are too many robbers out there.
