Sophos Experts Examine Search Engine Manipulation

Onur Komili and Fraser Howard, researchers at Sophos, published a fresh study paper on March 31, 2010 that uncovers hackers' method of using SEO techniques which trap Web-users into their malicious campaigns.

The study notes that for cyber-criminals, it has turned highly profitable to employ BHSEO (Blackhat SEO) tactics for permeating into authorized websites. Daily, innumerable new scams are detected exploiting the most current and exciting news online for the dissemination of malware. Often, these scams revolve around celebrity deaths and highly tragic calamities.

Further, the criminals use BHSEO toolkits to design and execute attacks based on search-engine poisoning. The kits create poisoned Web-pages full of incorrect keywords that are made to appear high in rank among the results returned after a search. However, these results deceptively land users onto the fake websites.
Moreover, SEO toolkits help to establish networks of numerous Web-pages too that are inter-linked and have search-friendly material associated with popular current topics. The said pages are added to hijacked websites that are otherwise legitimate. Typically, the kits get updated on their own with information of breaking news available on Google Trends or other sources.

For instance, during March end-week 2010, when bombs blasted on Moscow Metros, Sophos cautioned that this was precisely the type of event which would trigger malware and BHSEO activities.

Besides, as per the study, previously also several incidents provided plentiful appealing material for abusive hackers. These incidents included celebrity deaths of Natasha Richardson, Michael Jackson and Stephen Gately of Boyzone as well as the nuptial hues Sandra Bullock encountered.

Remarking about these discoveries, Fraser Howard, Principal Virus Researcher at Sophos stated that whenever frightening tragedies as mentioned above take place, people, as a general tendency and curiosity, rush to search the Web for additional information, something that the hackers know and thereby by exploit the search, as reported by HelpNetSecurity reported March 31, 2010.

Meanwhile, to safeguard businesses from SEO assaults, Sophos suggests content inspection and URL filtering. In conclusion, Howard stated that although malware dissemination via SEO might be difficult to prevent owing to the original genuineness of the related Web-pages, still organizations could adopt certain effective measures for protection, as reported by Theregister.co.uk on March 31, 2010.

Related article: Spike in Attacks Causes Early Release of Windows Patch

» SPAMfighter News - 4/12/2010