Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management

    Attackers Improving Search Engine Optimization to Push Rogue Security Tools

    By
    Brian Prince
    -
    October 6, 2009
    Share
    Facebook
    Twitter
    Linkedin

      Poisoning search engines results to trick users into visiting malicious sites is not a new tactic. But as an analysis by AVG Technologies shows, it can be very effective.

      Examining a rogue spyware campaign that sought to take advantage of interest in the earthquake in Samoa last week, AVG determined that it took just 24 hours for attackers to get their malicious links in Google’s top 10 search results.

      “The first reports of the Samoan earthquake hit my inbox on Sep 29th at about 4pm EST ,” blogged Roger Thompson, chief of research at AVG. “By about 7pm EST, the next day, we started noticing hits on rogue spyware from Google queries. When we looked, we found they had five or six of the top ten results on the Google search results page, well above even places like CNN and The Guardian on queries like ‘Samoan Tsunami.'”

      Those who clicked on the links to the malicious sites were led to a Website that tried to get users to install a bogus anti-malware program.

      The process of abusing search engines such as Yahoo and Google can happen more than one way. For example, in March McAfee found cyber-criminals abused the Google page rank of Democrats.org to improve the chances their malicious links would appear in Google searches. To do this, hackers flooded the community blog feature on the site with bogus posts with malicious links for several weeks.

      “The most common spamdexing trick is the creation of doorway pages,” noted Mike Haro, a senior security analyst at Sophos. “These pages are designed, usually by automated software, to look good to search engines, and as such contain a high density of search terms. If these pages are planted on popular sites they may get high enough on the search results page. When a visitor clicks on it, the page automatically redirects to an advertised site.”

      According to eSoft, the majority of the sites being used in these schemes are compromised sites.

      A Google spokesman said the company scans Web pages for malware and posts warnings in its search results when malicious content is found. In addition, many rogue sites also get removed from search results altogether.

      “We work hard to protect our users from malware,” the spokesman said. “Many of these results have been removed from our index. In all cases, we actively work to detect, flag and remove sites that serve malware from our index. We have manual and automated processes in place to enforce our policies. We’ll continue to monitor for these bad results and will remove any as necessary. Additionally, we’re always exploring new ways to identify and eliminate malicious sites from our index.”

      AVG’s Thompson noted in comments to eWEEK that search engines such as Google have a tough road in front of them when it comes to dealing with the issue.

      “What Google does is that they remove the sites from their indexes as soon as they realize what’s up, but the sites seem to be up for a day or two in the mean time … just long enough to take advantage of the hot news,” he said. “The point is they’ve probably figured out Google’s indexing algorithm, so that’s probably hard for Google to change.

      “I think they’ve been doing [search engine optimization] for ages, but it’s become really effective recently,” he said.

      Brian Prince

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×