eWEEK.com

    Search Engine Manipulation Grows Up

    By MATTHEW HINES - September 23, 2009

      Cyber-attackers have long employed the tactic of attempting to insert their nefarious URLs and related schemes into popular search engine results to lure potential targets, but security researchers contend that the model has evolved in new ways of late, making the technique even more powerful.

      By combining strategies involving subverted Web sites, zero-day exploits, and smarter methods for hiding their work, cutting-edge campaigns of this ilk are becoming even more complex and dangerous than their forebears, according to researchers with McAfee’s Avert Labs.

      In a recent blog post, Avert Labs researcher Craig Schmugar highlighted a new search engine “manipulation” approach that differs from previous iterations of the scam – one that gets away from the use of networks of free Web sites, which had been a primary element of many such attack campaigns, in favor of legitimate URLs that have been hacked.

      Attackers have typically registered groups of fake sites, cross-linked them, and then tried to get them indexed highly for related search terms, specifically hot topics like breaking news stories. Now scammers are using hacked pages and combining elements of other attacks to achieve even more effective “blackhat SEO,” Schmugar reported.

      Because of the legitimate nature of the hacked sites they employ, it’s much easier to be “found” by search engines of course.

      The big difference, somewhat predictably, is the use of legitimate sites that have somehow been compromised, and zero-day vulnerabilities are leaving many of the involved sites readily available for use in the campaigns, the McAfee expert contends.

      This is a trend that has played out with nearly all forms of online malware distribution, as hackers refine their ability to subvert existing Web pages, versus creating their own. But attackers are using the technique to drive much smarter SEO, the expert noted, as now they merely hack sites that already show up for the search terms they’re targeting.

      “There are currently many examples of high-ranking poisoned results that lead to compromised legitimate sites. This is a bit different than in the past, as now security vulnerabilities are being exploited simply for the sake of search-engine manipulation,” Schmugar said.

      Historically, attackers have also uploaded malicious content to compromised sites, either directly by injecting exploit code, or indirectly by injecting an iframe or script that brings in exploit code from a remote site. After eventually being discovered by legitimate site users, the attacks are usually shut down as administrators are informed of what’s been happening on their pages and move to cleanse them.

      In another emerging twist on the model, Schmugar notes that attackers have been responding to this challenge by instead directing victims to completely different sites to infect them. They have also arranged for only those users arriving directly from search engines to be sent to their infection farms. This hides their efforts even further, because it keeps the scams out of sight of legitimate site owners and established users while luring more victims, the expert maintains.

      “The attackers go a step further by implementing a well used trick, which is to redirect conditionally,” he said. “It’s not enough for people to go to a compromised page; they must arrive there from a search-result page.”
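The conditional redirect Schmugar describes is invisible to an owner who types the URL or uses a bookmark, so a site check has to compare a direct visit with one that carries a search-engine Referer. The following is an added example, not code from the article or from McAfee; the Referer value, host names and the two `fake_*` responders are constructed so the check runs offline.

```python
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Constructed Referer value imitating a click from a search-result page.
SEARCH_REFERER = "https://www.google.com/search?q=example+query"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def http_fetch(url, headers):
    """Return (status, Location header, body) without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers=headers)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location"), resp.read()
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        return err.code, err.headers.get("Location"), err.read()

def check_referer_cloaking(url, fetch=http_fetch):
    """Compare a direct visit with a search-referred visit to the same URL."""
    direct = fetch(url, {})
    referred = fetch(url, {"Referer": SEARCH_REFERER})
    findings = []
    status, location, _ = referred
    if 300 <= status < 400 and location and direct[0] != status:
        target = urlparse(location).hostname
        if target and target != urlparse(url).hostname:
            findings.append(f"search-referred visit redirects off-site to {target}")
    # Dynamic pages can differ between any two requests; treat this as a lead.
    if direct[0] == referred[0] == 200 and direct[2] != referred[2]:
        findings.append("page body differs for search-referred visit")
    return findings

# Constructed stand-ins for a compromised and a clean page (no network needed).
def fake_compromised(url, headers):
    if "google." in headers.get("Referer", ""):
        return 302, "http://landing.example.net/", b""
    return 200, None, b"<html>normal forum page</html>"

def fake_clean(url, headers):
    return 200, None, b"<html>normal forum page</html>"

if __name__ == "__main__":
    print(check_referer_cloaking("http://forum.example.org/", fake_compromised))
    print(check_referer_cloaking("http://forum.example.org/", fake_clean))
```

Run against your own site, call `check_referer_cloaking(url)` with the default `http_fetch`; any finding means the server answers search-referred visitors differently and the page and server configuration should be inspected.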

      Typically, many of the compromised sites are running older, vulnerable phpBB and WordPress applications, while another popular model incorporates sites that are serving attackers’ HTML pages, most likely as a result of compromised administrative credentials or misconfigured Web servers, Schmugar contends.

      “These events further blur the line between ‘trusted’ sites and malicious content. This trend is likely to continue for years to come,” he said.

      Blindly searching for information from unfamiliar Web sites would seem more of a dangerous proposition than ever, but clearly even known commodities are getting poisoned, and that’s making it even more dangerous for people to go about their business online.

      It’s just another beautiful day on the Interwebs.

      Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

      Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to [email protected].
