Beware Evil Search Results: Malware Links in Google
|
Written By Sepideh Saremi | November 28, 2007 | Share This
|
|
ComputerWorld reported yesterday that some well-coordinated, pernicious, black hat SEO work led to the appearance of malware, or malicious software, sites in search engine result pages of major engines, including Google (screenshots were on the Sunbelt Blog). From ComputerWorld:
A large-scale, coordinated campaign to steer users toward malware- spewing Web sites from Google and other Internet search engines is under way, security researchers said Tuesday.
Users searching Google, Yahoo, Microsoft Live Search and other engines with any of hundreds of legitimate phrases — from the technical “how to cisco router vpn dial in” to the heart-tugging “how to teach a dog to play fetch” — will see links near the top of the results listings that lead directly to malicious sites hosting a mountain of malware.
Apparently Google has since removed the offending links, which went to sites that prompted the malware downloads, but Natural Search Blog notes the effort was cleverly timed to coincide with the week after Thanksgiving, particularly Cyber Monday, when people are spending a lot of time shopping online:
I think it’s not at all a coincidence that the attack was timed to occur right on the first weekend of the holiday shopping season and Cyber Monday when more people are likely conducting keyword searches than any other time of year. Deploying the malware now was likely intended to infect as many computers as possible before the malware was detected and the sites deleted from listings.
Natural Search Blog also provides a good explanation of how it was pulled off. Pure evil follows - don’t try this at home:
The methods these unethical developers used are pretty “classic” black-hat tactics. For many years now, blackhat optimizers have used automated agents to insert keyworded textlinks into blog and forum comment areas and online guestbooks, pointing back to their sites in an effort to built PageRank. In addition, really old and crusty black hat techniques include keyword stuffing — adding tons of keywords on a page in an effort to make the page relevant for words and phrases. Also, the bait-and-switch technique of allowing one page to get indexed by search engines while redirecting human users to a different URL is pretty well known.
Thanks for the info, however, this reminds me…. here’s little experiment I did with the Google image search
Top Ten Google Images Mistakes
http://www.listbums.com/view_profile.php?uid=10&list_id=702