Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Malicious PDFs Poison Google Search Results

    By
    Sean Michael Kerner
    -
    July 8, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Google search results

      Getting a top ranking in Google’s search engine is supposed to be an organic task, with the best content ranking highest, but according to a new research report from security vendor Sophos, attackers are using cloaked PDF files to influence Google’s search results. The cloaked files may include malware and links to malicious sites.

      Maxim Weinstein, security adviser at Sophos, explained that SophosLabs researcher Jason Zhang first noticed the cloaked PDF files at the beginning of June. The PDF files are full of different words that are intended to help influence search engine ranking. Weinstein noted that some are related to foreign exchange and investment terms and lead to a binary trading broker.

      “It’s hard to know which exact keywords they are targeting, but the ‘binary stock trading’ topic stands out,” Weinstein said.

      Sophos’ research indicates that the company has seen “hundreds of thousands” of unique PDFs that triggered a malware detection rule. Weinstein said that he didn’t have a specific number he could share, but he emphasized that the hundreds of thousands of detections are happening per day.

      “That doesn’t necessarily map one to one with high-ranked poisoned search results, but it does imply that the actors behind the campaign managed to get that many PDFs into circulation, via either malicious or compromised Websites,” he said.

      The cloaked PDFs aren’t all necessarily loaded with malware either. Weinstein explained that the issue is not so much about malware in the PDFs as it is about malicious URLs that are included in the PDFs. That is, there is something about the URLs included in the cloaked PDFs that gives Sophos some reason to believe they have been, or will be, associated with malicious activity.

      “The poisoning technique works by cross-linking the PDFs via embedding links to other URLs,” Weinstein said.

      In the binary trading search engine poisoning example, Weinstein said that Sophos didn’t actually see any malware. That said, he added that Sophos has seen search poisoning used routinely in other instances to redirect users to malware, rather than to get-rich-quick schemes.

      Sophos contacted Google prior to the disclosure to inform the company of the cloaked PDF risk. Weinstein said Sophos has a good working relationship with Google and felt it was important to reach out to the company before publicly discussing the issue.

      Google did not respond to a request for comment from eWEEK by press time.

      “I don’t feel comfortable commenting on what Google should do, but I would expect Google will take this into account and make whatever changes it deems necessary to reduce the effectiveness of this type of poisoning,” Weinstein said. “This would be consistent, for example, with Google’s past behavior to limit the effectiveness of HTML-based poisoning.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×