Blackhat SEO even targets researchers

Filed Under: Google, Malware, Spam

In the past week I've garnered a lot of press attention from my ongoing research into the Windows shortcut vulnerability. Apparently this has brought my name to the attention of the SEO poisoners who continually target Google.

Poisoned Google search results

There were more results than shown here, so I did some poking around to see what they were. The most common poisoning, and the one shown here, leads to some hacked websites that are chock full of tasty keywords for search engine manipulation. None of the sites I investigated had any malicious content themselves; they appear to be using hacked blogs and sites to enhance the search rank of someone who was foolish enough to hire them to increase their Google PageRank.

Another of the poisoned pages redirected to a fake Google results page.

Poisoned Google result

Following the link displayed takes you through a series of redirects, all of which have some sort of affiliate ID number in the URL, landing you eventually at fake Canadian pharmacy websites. The Canadian pharmacy sites are on a rotation so you get a different one each time you click the link.
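The redirect pattern described above can be checked for in recorded hop sequences, such as those in a proxy log. The following is an added example, not code from the original post; the hosts and the `aff` parameter name are constructed, since the post does not give the real ones.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: one click on a poisoned result, recorded hop by hop
# (for example from a proxy log). Hosts and the "aff" parameter are invented.
SAMPLE_CHAIN = [
    "http://hacked-blog.example/?p=chester-wisniewski",
    "http://hop1.example/go.php?aff=48213&kw=chester",
    "http://hop2.example/r?aff=48213&s=2",
    "http://pharmacy-a.example/?aff=48213",
]

def analyze_chain(urls, min_hosts=3):
    """Summarise a redirect chain and flag the pattern described above."""
    hosts = [urlsplit(u).hostname for u in urls]
    # Map each (param, value) pair with a numeric value to the hops carrying it.
    seen = {}
    for i, u in enumerate(urls):
        for k, v in parse_qsl(urlsplit(u).query):
            if v.isdigit() and len(v) >= 3:
                seen.setdefault((k, v), set()).add(i)
    # An ID that survives two or more hops is being passed along for credit.
    tracking = sorted(kv for kv, hops in seen.items() if len(hops) >= 2)
    distinct = list(dict.fromkeys(hosts))  # de-duplicate, keep hop order
    return {
        "hops": len(urls),
        "distinct_hosts": distinct,
        "tracking_ids": tracking,
        "landing_host": hosts[-1],
        "suspicious": len(distinct) >= min_hosts and bool(tracking)
                      and hosts[0] != hosts[-1],
    }

def rotating_landings(chains):
    """Landing hosts seen across repeated clicks of the same link."""
    return sorted({analyze_chain(c)["landing_host"] for c in chains})

if __name__ == "__main__":
    print(analyze_chain(SAMPLE_CHAIN))
```

Feeding `rotating_landings` several recorded clicks of the same link shows the landing-site rotation: more than one landing host for a single starting URL.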

HTML source of poisoned page

The attack must be related to insecure versions of WordPress, since the source code shows that the pages were created using WordPress/MU. As you can see, my name is the title of this particular page.

The cat-and-mouse game between the con artists and Google continues. Throughout the day I have watched many of the poisoned results disappear as Google catches on to their techniques and puts them out of commission. Simply because a site is in a Google search result does not make it legitimate. Think before you click and take advantage of the summaries Google provides to determine whether something smells a bit phishy.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.