How SEO Poisoning Works and Why You Should Care

In this week’s report on the MacDefender fake antivirus program, we mentioned that this fake antivirus is delivered to users by way of SEO poisoning techniques. In an article on Krebs on Security, journalist Brian Krebs gives detailed information on how SEO poisoning works, and why it works so well.

One of the main vectors for SEO poisoning is Google Image search. In part this is because it is harder to push a crafted web page high into Google’s regular search results than it is to get an image ranked near the top of the image results. Once a user clicks on a thumbnail in the Google Image search results, the malicious code is triggered, and this can lead to malware being delivered (or, potentially, other types of attacks).

Russian malware researcher Denis Sinegubko goes much deeper into the techniques used in this SEO poisoning, and says:

I would call this the most efficient and easy to implement black hat SEO trick to drive search traffic to a site. And you don’t actually need to hack someone else’s sites — you can implement this on your own site with similar results.

So, with this in mind, it is essential that you be very careful with Google Image searches. It is hard to tell whether a site is poisoned, and the safest route may be to avoid image searches altogether. If you use the Firefox web browser, you should consider installing the NoScript add-on, which blocks JavaScript – the main way these attacks are carried out – but lets you enable it, if necessary, for any web sites you trust. However, the information this add-on gives is not very useful: users won’t easily know which domains or scripts are safe to allow.

Unfortunately, there is no such tool for Safari. You can fully turn off JavaScript in Safari, though this may block access to certain web sites. To do this, go to the program’s Security preferences, and uncheck Enable JavaScript.

These new techniques of SEO poisoning allow malicious users to serve malware easily via Google Image searches. Users need to be very careful about anything that downloads following a search. If you see an unexpected download, delete it.