Friday, March 26, 2010

SEO poisoning on the rise

The people who push malware love to trap victims via search. Security companies refer to what they do as "SEO (Search Engine Optimization) poisoning." They identify popular search terms, figure out which ones are likely to bring them suitable targets, and then optimize pages so engines like Google and Bing display their results on the first page -- mixed in amongst the non-malicious pages you actually wanted to find.

So what search words are most likely to get you into trouble? Bearshare (46% malicious sites) and screensaver (42% malicious sites).
The blog post here gives an idea of what kinds of black hat SEO techniques are frequently employed by cyber criminals.
Search engine optimization (SEO) is a collection of techniques used to achieve higher search rankings for a given website. "Black hat SEO" is the method of using unethical SEO techniques in order to obtain a higher search ranking. These techniques include things like keyword stuffing, cloaking, and link farming, which are used to "game" the search engine algorithms.
Cyber criminals also exploit whatever news is hot at any given time (celebrity affairs, deaths, etc.) to get malicious pages ranked highly in search results, since people are likely to search for such news.

It is a good idea to make your web sites XSS-safe. If you are a PHP developer, htmlspecialchars and htmlentities are two very useful functions in this regard.
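As an added illustration (not code from the original post), here is a search-results page that echoes the visitor's query, first without escaping and then with htmlspecialchars. The function names e, render_unsafe and render_safe and the sample query are assumptions made up for this example.

```php
<?php
// Hypothetical helper: escape a value for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    // ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the call return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the search term is echoed as-is, so any markup in it is
// parsed by the browser as part of the page.
function render_unsafe(string $q): string
{
    return '<input name="q" value="' . $q . '"><p>Results for ' . $q . '</p>';
}

// After: the same page, with every dynamic value escaped at the point of output.
function render_safe(string $q): string
{
    return '<input name="q" value="' . e($q) . '"><p>Results for ' . e($q) . '</p>';
}

// Constructed sample input (not from the original post): a query that
// tries to close the attribute and open a script element.
$q = '"><script>alert(1)</script>';

echo render_unsafe($q), "\n"; // markup from the query reaches the page intact
echo render_safe($q), "\n";   // quotes and angle brackets arrive as entities
```

htmlspecialchars covers HTML text and quoted attribute values only; a value placed inside a URL, a script block or a style rule needs encoding suited to that context.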

If you are a user, think before you click!

