Search Engine Poisoning

If there were any such thing as a ‘door’ to the Web, it would be the search engine. Google, Yahoo, Bing, and other search engine "spiders" constantly crawl the Web, cataloging the results in order to provide a ranked list of sites matching the particular query (keywords) you've provided. Search engine poisoning exploits that technology, such that the delivered results may contain links to malware or other unsavory sites.


The Web is unstructured and non-linear; it has no beginning and no end and, like the universe, continues to grow and expand outward. Such a vast amount of information exists on the Web that culling the specific content you need from the hundreds of millions of websites hosting content on the Web is simply not humanly possible. Not, that is, without the aid of technology.

Search engine placement can be described as the holy grail of Web commerce – changing Hollywood’s fictitious ‘if you build it, they will come’, to the more realistic ‘if you can get prominent placement on search engine results pages (SERPs), they will come’. Search engine placement is a critical factor in determining the success or failure of any commercial Web endeavor.

As a result, search engine optimization (SEO) - the art of causing a particular website to appear higher in the SERPs - is an industry unto itself. And, as with any other legitimate business model, it is an industry that criminals worked quickly to exploit.

Search engines employ several different methodologies to rank websites. Black hat SEO attempts to exploit weaknesses or loopholes in these methodologies in order to trick the search engine into awarding a higher SERP ranking.

Search engine placement is a competitive field. Users interact with search engines by entering one or more keywords describing the information they are seeking. This makes keywords some of the most valuable commodities traded on the Web.

Keyword hijacking – a form of search engine poisoning which can also take the form of brand hijacking – is an attempt to entice viewers by piggy-backing on the popularity of a particular keyword or brand name. According to a 2009 report from the CMO Council:
“Traffic diversion and pay-per-click abuse uses search marketing abuse to drive traffic to a competitive or illicit site. One common type is pay-per-click (PPC) abuse, in which the target site displays lucrative pay-per-click ads – ads which might never be seen if not for the use of a legitimate brand to attract viewers. Even worse, PPC ads might promote competitive products.

Wherever traffic diversion leads a user, the result is the same: domain owners generate revenue at the expense of the legitimate brand owners, whose online marketing investments are diluted.

The practice is lucrative: pay-per-click sites targeting the world’s top 30 brands were up 24 percent in 2008.”

In addition to diverting revenue from the brand owners, keyword hijacking can also trick users into trusting website content or offers (believing them to be from the legitimate brand holder), and thus cause those users to unwittingly agree to the installation of malware.

Spamdexing
Because modern search engines weigh reputation, popularity and keyword saturation, search engine poisoning requires a steady supply of unwitting accomplices. In spamdexing, compromised websites are outfitted with pages containing lists of links and keywords.

Spamdexing can also be run via blogs, re-purchased domains, and comment spam, although these methods are generally easier for search engine vendors to detect and thwart.

Spamdexing is also highly automated. Attackers use Google Trends and other keyword popularity reports to gauge current interest levels and automatically modify the illicit links to apply to that specific topic. Because the links are contained on reputable sites, the malicious links are digested by the search engine spiders and given higher importance in SERPs based on that affiliation.

As a result of spamdexing, any breaking news events that have high global interest will almost immediately result in search engine poisoning for keywords related to those events.

The combined impact of keyword hijacking and spamdexing means that search engine results can be tainted with malicious links or lead to websites that have no bearing on the searched term.
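For site owners, the spamdexing pattern described above (pages on a compromised site that consist mostly of links and keywords) can be checked for in their own content. The following is an added example, not part of the original article: a small Python check that flags a page when it carries many external links and most of its visible words sit inside link text. The function name, the thresholds and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkTextStats(HTMLParser):
    """Counts visible words, words inside <a> elements, and external links."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.words = self.anchor_words = self.links = 0
        self._in_a = self._skip = 0   # nesting depth in <a> / <script>,<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            self._in_a += 1
            # Relative links have no hostname and count as internal.
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host and host != self.own_host:
                self.links += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == "a" and self._in_a:
            self._in_a -= 1

    def handle_data(self, data):
        if self._skip:
            return
        n = len(data.split())
        self.words += n
        if self._in_a:
            self.anchor_words += n

def looks_like_link_farm(html, own_host, min_links=10, min_ratio=0.6):
    # Thresholds are illustrative assumptions; tune them against your own pages.
    p = LinkTextStats(own_host)
    p.feed(html)
    ratio = p.anchor_words / p.words if p.words else 0.0
    return p.links >= min_links and ratio >= min_ratio, p.links, round(ratio, 2)

# Constructed sample pages (not real data): a link list and an ordinary article.
SPAM = "<html><body><h1>Hot topics</h1>" + "".join(
    f'<a href="http://site{i}.example/x">breaking news video {i}</a> '
    for i in range(12)) + "</body></html>"
NORMAL = ("<html><body><p>" + "word " * 80 + '<a href="/about">about us</a> '
          '<a href="https://vendor.example/docs">vendor documentation</a></p></body></html>')

if __name__ == "__main__":
    print(looks_like_link_farm(SPAM, "myshop.example"), looks_like_link_farm(NORMAL, "myshop.example"))
```

A flagged page is a prompt for manual review rather than proof of compromise, since legitimate directory or resource pages can also be link-heavy.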