Article Diary - General Knowledge Digest

SEO Poisoning - What are SEO Poisoning Attacks?

Search engine optimization (SEO) poisoning is an increasingly popular method of attack for cyber-criminals and one that shows they are using more sophisticated techniques. In the last year, attackers have poisoned search results on everything from celebrity news to Google Wave invitations. But what makes these attacks such a success?

Millions of searches are conducted each day on popular search engines by people all around the world. In order to share what are they looking for with the wider public - perhaps giving us an idea of what’s hot and what’s not - a number of major search engines provide a way to glimpse into the Web’s query stream to discover the most popular search keywords or topics. True to form, wherever people are on the internet - the hackers are close to follow, and they are using this information to conduct attacks.

What are SEO Poisoning Attacks?

SEO poisoning attacks are primarily attacks on popular websites using XSS or cross server scripting. Most common SEO poisoning attack today is the the Iframe attack. This is the case when a very popular page with proper SEO is targeted by malicious hackers. What they do is exploit the input and display vulnerablity on these sites. I frames are then injected into such sites so when you search for some key word related to the popular site like say you may be redirected ater a while to some unknown site selling you viagra or free computer malware scanner.

A malicious SEO poisoning attack, also known as a Blackhat SEO attack, occurs when hackers manipulate search engine results to make their links appear higher than legitimate results. As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious Web sites.

SEO Poisoning

SEO poisoning can be used to drive traffic to an intentionally created malicious site, or it can take advantage of existing and popular Web properties by using cross site scripting (XSS) on a legitimate site. One common SEO poisoning method used today is to take already existing Web pages where a file has been uploaded to redirect the user to a malicious site. As the site is known and has often been around for years, it appears legitimate when it comes up at the top of the search results. The cybercriminals exploit the input and display vulnerability on these sites. This malicious site could be anything from advertising cut price Viagra or offering to ‘scan’ your computer for malware for example.

By targeting the top Google searches, hackers are able to drive traffic to sites using highly popular search terms. The average number of malicious sites in any Google search using hot/trending topics (as ranked by Google), by the end of last year (2009), stood at 13.7% for the top 100 results. This means that for every 100 results - around 14 of the links suggested to you may be to a malicious site and not what you were searching for at all.

An example of how closely the cybercriminals follow hot trending topics was recently seen when Websense Security Labs discovered that search terms relating to the new Apple iPad announcement had become the target for Blackhat SEO poisoning attacks before the product was even launched. In the lead up to Apple’s official announcement in January, there was a great deal of anticipation and speculation over the Internet. As people become interested in finding more information on the product, related search terms gained momentum, and as they did so Blackhat SEO attacks began to climb up the search result listings. Clicking on the rogue results lead to a fake anti-virus site which contained a file. If the file is installed it reports non-existent infections and disturbs the user with persistent pop-ups. In order to "clean" the system the rogue program is offered for a price. While we were able to provide protection to our customers immediately, at the time of our analysis the file on the rogue AV site had a characteristically low (30%) detection rate, as AV companies struggled to catch up with such attacks in real time.

SEO poisoning attacks are successful because they move in quickly and move on just a fast. As soon as a malicious campaign is recognized and removed from search results, the attackers can automatically redirect their botnets to a new, timely search term.

These ongoing campaigns have a proven formula and are likely to gain steam in 2010. This in turn may cause a trust issue in search results among consumers unless the search providers change the way they document and present links. But if you can’t trust your search results then who can you trust? Unfortunately, without dynamic Web protection from high-risk threats through real-time security updates and increased visibility into modern Web security risks, the answer is likely to be unwelcome. A bit like SEO poisoning.

5 (1)
Article Rating (1 Votes)
Rate this article
Attached Files
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Security Code Security Code
Related Articles RSS Feed
10 AJAX based PHP WebMail Clients
Viewed 1926 times since Mon, Jul 26, 2010
TipTip - jQuery Tooltip Plugin
Viewed 1271 times since Thu, Jan 28, 2010
Geo-location Mapping With Google Maps API & PHP
Viewed 1668 times since Mon, Apr 4, 2011
Free JavaScript Charts Library - JS Charts
Viewed 1255 times since Sun, Dec 13, 2009
CSS Positioning - Absolute, Relative & Fixed
Viewed 1607 times since Thu, Dec 3, 2009
How to redirect an old domain to a new domain using htaccess?
Viewed 991 times since Sun, Mar 14, 2010
30 High Quality Charts & Graphs for Web Developers
Viewed 3458 times since Wed, Mar 23, 2011
IE6 CSS Fixer - Web-Based IE6 CSS Fix Tool
Viewed 1236 times since Thu, Dec 31, 2009
UI Patterns - User Interface Design Pattern Library
Viewed 1430 times since Thu, Dec 31, 2009
Create A Page Peel Effect With CSS & jQuery
Viewed 1242 times since Tue, Jan 5, 2010