On Monday, Sunbelt Software’s security blog revealed that thousands of malware redirects were showing up in search engine results. Network bots designed to post relevant keywords and spam links in various online forms (think forum posts or blog comments) helped attackers claim high-ranking search engine positions for various obscure and seemingly innocuous search terms. According to Sunbelt, two of the thousands of terms were “infinity” and “hospice.” Yeah, that’s cool. Search for hospice information for a sick friend or family member, potentially get your system infected with nasty malware.
On Tuesday, Sunbelt revealed more information about the ill-effects clicking on these fake links could have on a vulnerable system (as a reminder – ALWAYS keep your browser and Internet security tools up to date). Best case scenario – you might end up with one of those annoying toolbars and pop-up ads for fake security software. Worst case? Your computer could be used to generate false-clicks for the attacker’s pay-per click programs (so they infect your system so that you can make them money), or worse still, that bot could load other malware/worms/trojans onto the unprotected system. Further investigation also revealed that these SEO-poisoning attacks were targeted at Google, although other search engines may have also been victim to the attacks.
Google has cleansed more than 40,000 of these hosting sites from their index, so for now – it looks like the biggest source of this sort of attack has been taken offline.OK – you might be thinking, spam search results show up everyday – why is this a big deal? It’s a big deal because the techniques used for these attacks was more clever and thought out than the typical SEO-poisoning. It’s also a big deal just based on the sheer scale of sites and domains dedicated to hosting these links and because of the malware involved.
It’s great the Google stepped up and cleansed the index so quickly after being made aware of the problem, but this should be a big (or continuing) wake-up call to users who don’t stay up to date with security updates or don’t have some sort of Internet security solution. And while Windows users are obviously the users who are most directly affected by these types of attacks, having these kinds of search results show up as relevant, even if the link can’t harm your system, is bad for the Internet community as a whole.
There’s lots of talk within the tech community, especially the blogosphere about using SEO and how it’s GOOD for bloggers and doesn’t negatively affect readers/searchers/regular users. This is a lie. Instead of Search Engine Optimization, SEO should really stand for Search Engine Opportunism, because that’s what it really is. Look, we certainly don’t object to gaining revenue from ads or page-views on a web site, that’s why we are able to do what we do; we do object to gaming the system and using loopholes to insert web sites into search queries that really have nothing to do with the content. Techniques to make sure your relevant content shows up in corresponding searches is one thing — inserting back-door code that is aimed at getting higher page ranks and more page views, regardless if the targets are actually correct, is another. To us, the type of SEO attacks revealed this week are only a few steps away from what tons of bloggers/websites do every day: purposely try to game search engines just so they can get more hits to their site, and by extension, maybe make a few extra dollars. Unless you are running a straight-up scam link-farm or very, very lucky — the highest search engine rank in the world is not going to have lasting benefits if the content is nonexistent.