Blackhat SEO Expose from SOPHOS!
Okay, I know that you may be thinking that Blackhat SEO is something practiced by a teensy tiny minority…but it’s the “how they do it” that is most troubling, and my hat’s off to SOPHOS for exposing this for us.
SOPHOS is the anti-virus, security company with more than 100 million users globally and yes, we use their products our own selves but did NOT receive anything for this article <note my disclaimer is now OFF>.
So, what’s the scoop, SOPHOS? First, here’s the executive summary from their recent Acrobat .pdf posting on their site found here…
“This paper describes recent research by SophosLabs into how attackers are using blackhat Search Engine Optimisation (SEO) techniques to stuff legitimate websites with content designed to rank highly in search engine results, yet redirect users to malicious sites. These websites are being used to distribute rogue security products (also known as “scareware” or “fake antivirus”) onto users’ computers. Sophos researchers have analysed the malicious SEO kits used by hackers to create networks of thousands of cross-linked pages containing search-friendly content on hot-trending topics, hosted on compromised, legitimate websites…”
Hmm…you’re asking…exactly what are we talking about here? Simple, really…the latest technique used by Blackhat SEO scammers who are looking to infect your computer or network is to use hot topics, plugged into search engines like Google, to get you to click on same.
Perhaps an example is needed. Remember the recent Haiti earthquake? Well, it was used (as are many, many hot topics, from celebrity marriage breakups to elected officials’ trysts or even the recent hoax reports of Kanye West’s death) to “poison” the SERPs (search engine ranking pages) with new sites that, if clicked on, WOULD infect your computer. We call this a “drive-by” infection in the computer world, as simply landing on that web page will infect your machine…as noted, with anything from phony scareware to serious malware and yes, viruses too!
So, how much is this affecting say North America and Canada in particular? Here’s a map pulled from the SOPHOS .pdf that shows just such numbers across the globe…. Note the large numbers of NA infections and yes, Canada too (while I had to shrink down this map to include same here, it’s full sized in the SOPHOS .pdf if you wish to see it in more detail, eh!)
The .pdf article develops much more than what I’ve covered herein, and it’s recent information that can help us all learn what the best way to “find” news on hot topics can be…and while I’m trying not to steal the SOPHOS conclusions, it’s best to read the doc itself, but here’s a part of same —
“Malware distribution through SEO attacks could easily be described as beautiful in its simplicity. A straightforward case of trickery, without the need for exploits or zero-day vulnerabilities. Just a case of tricking the search engines into indexing rogue SEO pages and then tricking users into running the fake antivirus malware (and subsequently paying to register it). This simplicity should not detract from the success of such attacks however. And whilst the attacks continue to succeed, there is little need for the malware authors and distributors to change the formula.”