These will be used to form the foundation of the attack.
In the past year hackers have taken advantage of user curiosity about the Olympics, the Haiti earthquake, Corey Haim’s death, the World Cup and Mel Gibson’s recent craziness to formulate their SEO poisoning attacks.
Hackers leverage the hottest search terms and then stuff their fake pages with additional relevant key phrases that track well with the most common way users phrase their searches.
Hackers work on scale, with a web of hundreds of crosslink pages to ensure that their malicious sites make it to the top of the page rankings for any given search term.
The reason SEO poisoning attacks have been difficult to stymie is because the hackers are shielding their attacks from search engine detection and security do-gooders. Poisoned pages serve up an alternative non-malicious page with relevant keywords and links to other poisoned pages when crawlers view a page and direct traffic to non-malicious content when it doesn’t come from a search engine.
If traffic does come from a website, hackers will serve up the bad content. Right now, researchers report that the bulk of SEO poisoning attacks are used to send users to a fake AV scan page to convince them to install bogus AV ‘scareware.’
Symantec found that on average 115 of the 300 most popular search terms contained at least 10% malicious links.
Users have a 1 in 3 chance of coming across a malicious link via searches, according to Symantec.
Typically, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned, according to Symantec researchers.