Of course, in their case, the content that they are pushing is malware that aims to use their unsuspecting victims' computer to send spam, launch denial of service attacks, or steal valuable information from other users, such as online banking passwords and credit card numbers. The financial goals are nothing new, but the technique of using search engine optimisation (SEO) shows the growing sophistication of the spammer and malware-writing community.
Let's take a look at how spammers and the malware authors utilise SEO to better target their attacks.
In order to improve their site rankings in search engines, spammers create websites that focus on one specific key word or search term. By using hundreds or thousands of these key words, the people behind these schemes can generate a large amount of traffic to their web pages. When unsuspecting users type in one of the search terms used by these scammers into a search engine, they may find malicious websites mixed in with the legitimate pages in the search results. Some infected websites may even appear on the first page of returns.
Recently, Marshal8e6 TRACElabs observed one spammer SEO operation that used millions of search terms covering almost any topic imaginable to influence as many searches as possible. For example, users entering seemingly innocuous search terms like "ski Alaska" were presented with malicious links appearing at the top of the search results page. Another malicious SEO operation used top search terms from Google's Hot Trends service to help drive users to websites hosting malicious code. This was a particularly nefarious scheme, trying to leverage top searches in order to target potential victims.
Once users click through to the malicious websites found in these search results, they are often presented with messages urging them to download what appears to be legitimate antivirus software. They're told that their computer has been infected with a virus, and that immediate action is necessary. Unfortunately, the pop-up instead downloads rogue antivirus software that does much more harm than good, as well as fleecing the user for the licensing cost of the supposed anti-virus software.
These new SEO schemes add a new layer of complexity to the challenge of increasing employee vigilance around web threats. While many users can spot malicious spam emails and know to steer clear of pornographic websites, most are unaware that their casual searches on Google could actually bring up several malicious websites, even on the first page of search results.
So how can users prevent themselves from falling prey to infected websites found in search results?
In some cases, the user may be able to identify a suspicious site by simply reading the URL. Some examples of malicious domain names are "peziueued.xorg.pl", "bicoamigq.xorg.pl", and "ubiuexiia.xorg.pl". Domains that are out of the ordinary should be approached with extreme caution.
In addition, users should be extremely wary of downloading any executable files or browser plug-ins on the web, especially from untrusted sources. Don't believe a pop-up window if it says your computer is infected with malware. Instead, contact your network administrator.
At the end of the day, user education and acceptable use policy enforcement are still some of the best ways to protect both users and an enterprise's network. Cybercriminals are only going get more sophisticated as time goes on, so users must keep themselves informed on the latest threats in order to protect themselves.
Bradley Anstis is the director of technology strategy at Marshal8e6, a provider of email and Web security technologies.