Step 1: Compromise legitimate web sites

These will be used to form the foundation of the attack.

Step 2: Create SEO-friendly fake pages related to popular search topics on compromised sites

In the past year hackers have taken advantage of user curiosity about the Olympics, the Haiti earthquake, Corey Haim’s death, the World Cup and Mel Gibson’s recent craziness to formulate their SEO poisoning attacks.

Step 3: Use Google Hot Trends to search for popular terms

Hackers leverage the hottest search terms and then stuff their fake pages with additional relevant key phrases that track well with the most common way users phrase their searches.

Step 4: Crosslink with other SEO poisoned pages to boost page rankings

Hackers work on scale, with a web of hundreds of crosslink pages to ensure that their malicious sites make it to the top of the page rankings for any given search term.

Step 5: Cloak malicious content from spiders and security researchers

SEO poisoning attacks have been difficult to stymie because the hackers shield their attacks from search engine detection and security do-gooders. When a crawler views a poisoned page, it is served an alternative non-malicious page with relevant keywords and links to other poisoned pages; traffic that doesn’t come from a search engine is directed to non-malicious content.

Step 6: Deliver payload

If traffic does come from a website, hackers will serve up the bad content. Right now, researchers report that the bulk of SEO poisoning attacks are used to send users to a fake AV scan page to convince them to install bogus AV ‘scareware.’
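The cloaking in Steps 5 and 6 leaves a detectable signature: one URL returns different content to a crawler, a direct visitor and a search referral. The following check for that divergence is an added example, not part of the original article; the `fetch` hook, header values and sample responses are constructed assumptions.

```python
import re

# Request profiles for the three views the article distinguishes.
# Header values are constructed samples.
PROFILES = {
    "crawler": {"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"},
    "direct": {"User-Agent": "Mozilla/5.0"},
    "search_referral": {"User-Agent": "Mozilla/5.0",
                        "Referer": "https://www.google.com/search?q=example"},
}

def words(html):
    """Visible words of a page, with scripts, styles and tags stripped."""
    html = re.sub(r"(?is)<(script|style).*?</\1>", " ", html)
    return set(re.sub(r"(?s)<[^>]+>", " ", html).lower().split())

def redirect_hosts(html):
    """Hosts targeted by meta refresh or script-driven location changes."""
    pat = r"""(?i)(?:url=|location(?:\.href)?\s*=\s*)['"]?https?://([^/'"\s>]+)"""
    return {h.lower() for h in re.findall(pat, html)}

def similarity(a, b):
    """Jaccard similarity of two word sets (1.0 when both are empty)."""
    return len(a & b) / len(a | b) if a | b else 1.0

def check_cloaking(fetch, threshold=0.5):
    """fetch(profile_name, headers) -> HTML body; hypothetical hook for a real HTTP client."""
    pages = {name: fetch(name, hdrs) for name, hdrs in PROFILES.items()}
    findings = []
    names = list(pages)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            score = similarity(words(pages[a]), words(pages[b]))
            if score < threshold:
                findings.append(f"{a} vs {b}: content differs (similarity {score:.2f})")
    only_search = redirect_hosts(pages["search_referral"]) - redirect_hosts(pages["direct"])
    findings += [f"redirect to {h} only for search referrals" for h in sorted(only_search)]
    return findings

# Constructed sample responses for one URL, modelled on the behaviour described above.
SAMPLE = {
    "crawler": "<h1>world cup results</h1><p>world cup scores</p><a href='/p2'>more</a>",
    "direct": "<h1>Family recipes</h1><p>Welcome to our cooking blog.</p>",
    "search_referral": "<script>window.location = 'http://scan.example.invalid/av'</script>",
}

if __name__ == "__main__":
    for line in check_cloaking(lambda name, headers: SAMPLE[name]):
        print(line)
```

Site owners can run the same comparison against their own pages to spot a compromise that a normal direct visit would never reveal.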

SEO Poisoning By The Numbers

Symantec found that on average 115 of the 300 most popular search terms contained at least 10% malicious links.

Users have a 1 in 3 chance of coming across a malicious link via searches, according to Symantec.

Typically, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned, according to Symantec researchers.
