Search engine poisoning methodologies revealed

09 June 2011

Data security vendor Imperva has published a paper detailing how cybercriminals execute their SEP (search engine poisoning) attacks, which seek to route internet users to infected pages instead of their intended destination URL.

The paper, Imperva's second HII (hacker intelligence initiative) report, is the result of an analysis of a 15-month SEP campaign, which the firm describes as highly successful and without any apparent counter-measures being deployed by search engines.

This, says the firm, illustrates how websites - often unknown to their administrator - and web search engines become the conduit for these types of attack, and demonstrates that more needs to be done to stop these types of malware attacks.

According to the report, SEP attacks manipulate search engines to display search results that contain references to malware-delivering websites.

"There are a multitude of methods to perform SEP, including taking control of popular websites, using the search engines' sponsored links to reference malicious sites and injecting HTML code", says the analysis.

One of the most popular SEP methodologies involves sites which are vulnerable to cross-site scripting (XSS) attacks, which are carried out by advanced scripted Google searches.

Then, by attacking the site in question and infecting its pages with malware (or, more routinely, installing routes to other infected pages on the site), the hackers effectively create a set of web pages that can be manipulated to rank high in search engine results with attractive information, but that are a trap for internet users.

By attacking those sites that are recommended by search engines for given topics, Imperva claims that these infected sites are effectively missed by web browser add-ins that look for malicious pages.

According to Amichai Shulman, Imperva's CTO, his research team were able to detect and track a SEP attack campaign from start to end.

"The prevalence and longevity of this attack indicates not only how long it lasted undetected, but also that companies are not aware they are being used as a conduit of an attack", he said.

"It also highlights that search engines should do more to improve their ability to accurately identify potentially harmful sites and warn users about them", he added.

Shulman is also advising search engine providers that current solutions that warn users of malicious sites lack the required accuracy and precision, whereas many malicious sites continue to be returned unflagged by relevant security software.

"However, these solutions can be enhanced by studying the footprints of a SEP via XSS. This allows a more accurate, and timely notification, as well as prudent indexing", he explained.
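One way a site operator could look for the footprint Shulman refers to in their own access logs, as an added example that is not taken from Imperva's report. It assumes the footprint is a request whose query parameter carries HTML markup pointing at an external host, and that a search engine crawler fetching such a URL means it is being indexed; the log lines, host names and the `find_sep_footprints` helper are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Combined Log Format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [09/Jun/2011:10:00:01 +0000] "GET /search?q=%3Ca+href%3D%22http%3A%2F%2Fpills.example.net%2F%22%3Echeap+deals%3C%2Fa%3E HTTP/1.1" 200 5120 "http://forum.example.org/t/42" "Mozilla/5.0"
66.249.66.1 - - [09/Jun/2011:10:05:09 +0000] "GET /search?q=%3Ca+href%3D%22http%3A%2F%2Fpills.example.net%2F%22%3Echeap+deals%3C%2Fa%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.4 - - [09/Jun/2011:10:06:30 +0000] "GET /search?q=blue+widgets HTTP/1.1" 200 4300 "-" "Mozilla/5.0"
198.51.100.9 - - [09/Jun/2011:10:07:12 +0000] "GET /search?q=a+%3C+b&page=2 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
'''

# Request target and user agent from a Combined Log Format line.
LINE_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# A link, frame or script tag whose href/src is an absolute or scheme-relative URL.
MARKUP_RE = re.compile(
    r"""<\s*(?:a|iframe|script)\b[^>]*\b(?:href|src)\s*=\s*["']?(?P<url>(?:https?:)?//[^\s"'>]+)""",
    re.I)
# Assumed crawler user-agent tokens; extend for the engines that index your site.
CRAWLER_RE = re.compile(r"googlebot|bingbot|slurp", re.I)

def find_sep_footprints(log_text, own_host):
    """Group requests whose parameters carry markup linking to an external host.

    Returns {(path, param, external_host): {"hits": n, "crawler_seen": bool}}.
    """
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        # parse_qsl percent-decodes values, so encoded markup becomes visible.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            hit = MARKUP_RE.search(value)
            if not hit:
                continue
            host = urlsplit(hit.group("url")).hostname
            if host is None or host == own_host:
                continue  # links back to our own site are not the footprint
            rec = findings.setdefault((parts.path, name, host),
                                      {"hits": 0, "crawler_seen": False})
            rec["hits"] += 1
            rec["crawler_seen"] |= bool(CRAWLER_RE.search(m.group("ua")))
    return findings
```

Entries with `crawler_seen` set deserve attention first: the parameter they name is reflecting markup, and a search engine has already fetched the resulting page.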
