SEO Poisoning

- 01 January 2011 | Security

SEO poisoning is the weapon-du-jour for malware distributors - it's easy to engineer and uses innate curiosity as its fuel.

How does it work?

First. Take a trending topic: an online game, celebrity gossip, a news-related issue, some 'talent' show tittle-tattle - it's even better if risqué images or illegal downloads are involved.
If you're not up to date with pop culture, a quick look at Google Trends will give you a good place to start.

Next.  Create a few web pages on dubious hosts with innocuous sounding names.
Fill these with malware. Being the miscreant that you are, you've probably already done this step.
Now pump these pages chock full of keywords and (searchable) images relating to the chosen topic. Because the subject is relatively fresh, little search engine traffic exists on it so far - you have a red-hot chance at some virgin ground when it comes to search engine ranking.

So, now you wait.

Meanwhile, at a school nearby, 700 impressionable users wait to find out about their celebrity slip-up, or game download. 700 users who almost certainly don't yet have the experience to spot the honeytrap you've set up.  700 users behind a quality internet connection which is just perfect for your botnet, which you can now sell to even more nefarious characters further up (or down) the criminal food chain. 

School Network Manager / SysAdmin - what can you do?

- Implement serious pro-active anti-malware at your gateway. These are the latest threats and by their nature their attack is ephemeral and will have disappeared into the smoke (to reappear in a different guise) before the week is out. Hope for signature updates - it's a possibility they might arrive in time by fairy-post
- Implement some search term filtering - not only will it help keep your students "on task" and not searching for games, or the aforementioned risqué JPEGs, but it can also reduce your exposure profile when it comes to these kinds of threats
- Talk to Smoothwall - we know a bit more about this than most
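
A minimal sketch of the search term filtering recommended above, added here as an example (it is not from the original post and is not Smoothwall's code). The engine-to-parameter map, the blocked phrases, the function names and the sample URLs are all assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit, parse_qs

# Assumption: host label of each search engine -> query parameter holding the terms.
SEARCH_PARAMS = {"google": "q", "bing": "q", "duckduckgo": "q", "yahoo": "p"}

# Constructed policy for illustration: category -> blocked phrases (lower case).
BLOCKED_TERMS = {
    "games": ["free game download", "game crack"],
    "adult": ["leaked pics", "nude"],
}

def extract_search_terms(url):
    """Return the normalised search phrase from a search-engine URL, else None."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").lower().split(".")
    param = next((SEARCH_PARAMS[l] for l in labels if l in SEARCH_PARAMS), None)
    if param is None:
        return None                      # not a known search engine
    values = parse_qs(parts.query).get(param)
    if not values:
        return None                      # search host, but no query submitted
    # parse_qs has already decoded '+' and %XX. Fold case and compatibility
    # forms (e.g. full-width letters), then keep ASCII alphanumeric words only.
    text = unicodedata.normalize("NFKC", values[0]).lower()
    return " ".join(re.findall(r"[a-z0-9]+", text))

def check_request(url):
    """Return (action, category, phrase) for one proxied request URL."""
    phrase = extract_search_terms(url)
    if phrase is None:
        return ("allow", None, None)
    padded = f" {phrase} "               # pad so only whole words can match
    for category, terms in BLOCKED_TERMS.items():
        for term in terms:
            if f" {term} " in padded:
                return ("block", category, phrase)
    return ("allow", None, phrase)

# Constructed sample requests, as a gateway proxy might log them.
SAMPLE_URLS = [
    "https://www.google.com/search?q=celebrity+leaked+pics&hl=en",
    "https://search.yahoo.com/search?p=Free%20Game%20Download",
    "https://www.bing.com/search?q=denuded+hillsides+geography",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(check_request(u), u)
```

A gateway can only see the query string of an HTTPS search if it inspects the TLS session; without that, only the search engine's hostname is visible.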

BTW, I'm off to search for those pics of Christina Aguilera.

Tom Newton
Product Manager
Smoothwall