Related Links

  • Websense
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

Top 5 Stories


United Nations web domain attacked by SEO poisoning, claims researcher

31 May 2011

A Websense associate security researcher claims to have detected a black hat SEO attack on a web domain that belongs to the United Nations Environment Programme (UNEP).

According to Amon Sanniez, the SEO poisoning appears to be compromised by a number of medical spam-related URLs, most of which are compromised sites themselves.

"As you can see from the screenshots, unless you were to view the source code for the web page, it is almost impossible to know that this page has been modified", he says in his latest security blog.

The sub-domain under attack, he asserts, is the Sustainable Energy Finance Initiative (SEFI) site –

SEFI, Sanniez notes, is a division of UNEP and provides support and tools to financiers in regards to the use of clean energy technologies.

"Like most black hat SEO attacks on compromised sites, the site tends to look perfectly fine, and there is no indication that the site has been compromised", he said.

Further analysis of the source code, he goes on to say, reveals that the entire block for the Black Hat SEO is appended to the end of the HTML code.

Users should also notice, he says, that the code contains a hidden disposition, and the height and width pertaining to the size of the displayed content is set to zero.

Researching through the appended code, adds the Websense researcher, allows users to see branded drug names such as 'Viagra' and 'Levitra' - the use of these keywords, he adds, help result in a better search engine ranking.

"Most of the mainstream search engines such as Google know of these tricks and do their best to prevent these attacks, but it does not always work. However, the prevention success rate is higher for well-known search engines compared to the less mainstream ones", he said.

"At the time of posting this blog, the Black Hat SEO threat has been removed and the web site is [now] safe for browsing", he added.

This article is featured in:
Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×