Ever heard of “search engine poisoning”? Yeah, the term was new to me too, but once I discovered what it meant, I became seriously disturbed.

In a nutshell, search engine poisoning (SEP) occurs when spammers and hackers rank websites in the search results to steer users to malware. Many of these malicious redirects point searchers to spam and viruses, but some are even more dangerous than that.

More and more, spammers are using SEP in an attempt to gain sensitive credit card info from unwitting consumers. This is a particularly vicious form of black hat SEO – the very worst kind, in fact. Some of these spammers rank rouge websites in Google or Bing listings, and once users land on the page, fake antivirus software is used to extract credit card info.

The most disturbing aspect of SEP is that it’s not an isolated event initiated by a few bad seeds. Instead, it’s an entire industry, and it’s so commonplace these days that whole black hat SEO kits are sold online. These setups provide the bad guys with the tools they need to launch a full-scale war on the SERPs – and most come complete with everything necessary to spawn thousands of interlinked pages designed to capitalize on popular search terms or news events in real-time.

Established malnet networks are a big threat today, and they’re everywhere, just waiting for unsuspecting users to hand over their personal info. One of the most well-known malware networks online today is called Shnakule Malnet, and SEP is the biggest earner for the backdoor network:

Image 1:

Image Credit: NBC News

Exploitation of News Events

Although a wide variety of search terms are targets for spammers engaging in search engine poisoning, the biggest topic is hot, widely searched news events. According to findings published in the Blue Coat Systems 2012 Security Report, 2011 data makes it clear that cybercriminals manipulate the SERPS based on news events simply because they’re the easiest terms to exploit.

Think about it – when news events happen, the searches are fast and furious, and hackers can use malware to capitalize on the ebb and flow of trends much faster than search engines can track. All these criminals need to accomplish is ranking websites high enough in search results to get a few clicks, and they’re in business. No sophisticated techniques necessary for this one – all they must do is provide relevant content about the news events in question. Shnakule and Cavka are the biggest malware networks in North America that employ this tactic, but there are hundreds of thousands of other smaller offenders out there polluting the landscape as well.

In its report, Blue Coat also identified key events that spawned the most SEP-based malware websites found in the SERPs in 2011. Although email attacks and social networks were also targets of spammers, search engine poisoning was by far the biggest threat. The death of Osama bin Laden, Amy Winehouse, news about the royal wedding, and the tsunami in Japan were the biggest events that drew SEP attacks in 2011.

SEP Hits Image Results (and Bing) the Hardest

When it comes to SEP, the stats are nothing short of alarming. Bing displays links to malware for two-thirds of results for some highly searched subjects, such as celebrity gossip. That’s why Microsoft’s search engine currently has the biggest problem with SEP. Users who click on these links wind up on payday loan sites, are directed to fake antivirus software, or are steered to porn websites.

However, Google’s not out of hot water, either. Although the same terms on Google produce 30% or less malicious sites, Google’s image search is still littered with poisoned results. It’s easier for these kinds of links to hide in image searches, too, since users click on pictures to be taken to sites with little regard to the text that’s attached. For whatever reason, search engines are having more trouble filtering SEP from image results. That’s why image searches are currently more risky than even celebrity gossip or spam-infested social media links these days – so watch what you click.

Staying Safe While You Surf

Cyber Monday (the biggest holiday shopping day of the year that falls on the Monday after Thanksgiving) and the holiday shopping season are both right around the corner, which is why spammers are preparing to kick their search engine poisoning efforts into high gear. It’s going to be a virtual landmine for shoppers this year, so take the time now to learn how to stay safe on the ‘net when you’ll be most at risk.

According to a quote that a representative from Microsoft offered NBC news:

“Bing [can] detect pages consisting of machine-generated spam, keyword stuffing, redirect spam or malware, allowing [it] to effectively remove such sites from results. This is done through constant innovation on finding ways to detect the various evolving versions of the kinds of spam techniques we face… [S]ignals that have been previously spammed now have countermeasures to prevent abuse.

Bing has also developed several ranking signals to help weed out spam results and better understand the intent of the searcher. We are always looking to improve the Bing user experience for customers, and remain dedicated to providing a trusted and reliable search experience.”

Although this reassurance from Microsoft may make consumers feel a bit better, Fraser Howard is still skeptical. He works for Sophos Security, and when he set out to investigate search engine poisoning, the web appliance he used to prevent attacks yielded some startling results. Based on his discoveries, Howard warns Internet users that reassurances like these from the heaviest hitters in the industry don’t carry much weight when it comes to protecting consumers. To stay safe on the web today, it’s all about taking personal responsibility while surfing.

“We all rely on the search engine providers managing to filter rogue links out of the search results (text and image searches),”
Howard wrote. “The bottom line is that we are all guilty of trusting the results we get back, and clicking through without necessarily scrutinizing the URL as closely as we might.”

Search engine poisoning is very real. Keep yourself safe when you’re online by following tips such as these from Symantec, the maker of the ever-popular Norton Antivirus software:

Image 2:

Image Source: NBC News

Also keep in mind that big news events in 2012 were huge targets for SEP efforts. Some of the terms hit hardest this year include Apple product releases, the Olympics in London, the presidential debates, and last week’s U.S. election. Analysts project that the Mayan calendar’s “end of the world” prediction will also be highly searched (and targeted for SEP attacks) in December.

According to Blue Coat’s report, search engine users have another factor on their side when it comes to dodging SEP. The sheer magnitude of results for a popular event in the news tends to drown out malicious sites, so the odds do skew in your favor. Nevertheless, using Symantec’s suggestions and practicing safe browsing will help keep you safe, especially as we enter this year’s holiday season.

By Nell Terry (c) 2012