Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
Blackhat SEO Back In Google Searches
Security Research

Blackhat SEO Back In Google Searches

image
JULIEN SOBRIER
April 06, 2012 - 2 分で読了

In 2011, Blackhat SEO links were pretty much absent from the most popular searches in Google. Instead, Blackhat SEO was used to target more specific searches. The technique heavily used to poison the searches for buying software online with hundreds of fake online stores.

Blackhat SEO

Things are starting to change in 2012. I ran some numbers on Google searches for the month of March 2012 and found:

  • 117 malicious domains, including 66 serving Fake AV pages and 35 fake online store domains
  • 1,142 spam/malicious links in Google searches, including 299 links leading to a Fake AV page

The number of new domains hosting fake online stores is slowly decreasing, I found only 6 new domains in March, but the number of Fake AV sites has increased significantly.

While Google search results leading to Fake AV pages used to be caused primarily by hijacked sites that were redirecting the entire site to a malicious domain, the current increase is due mostly to the targeted use of Blackhat SEO for popular searches, as it was in 2010. The big difference with current results compared to those in 2010 is that Google is doing a much better job at flagging these malicious links: 294 of the 299 search results leading to a Fake AV page were flagged by Google.

The spammers are still able to get their spam pages on hijacked sites to appear on the first result page for popular searches such as "puerile in a sentence" and "edhelper password".

Malicious link in first result page
Figure 1: Malicious link in first result page

The technique used is still the same. Websites are hijacked and new pages are added. Each new page is targeting a popular search term trending in Google Hot Trends. Pages from different hijacked sites are linked together to increase their rank.

As I mentioned in an earlier post, the Fake AV pages still look the same, but surprisingly, use new source code with no obfuscation in most cases.

Fake AV instead of Fake store

The second trend I see is the increase in Fake AV links in searches related to software sales, like "Buy Windows 7". This is something I noted last year. The increase in search results leading to malware (Fake AV pages and others) where you would usually find fake stores is alarming because Google has not yet cleaned up these results. None of the spam links sending users to fake stores are flagged by Google.

 

form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

免責事項:このブログは、Zscalerが情報提供のみを目的として作成したものであり、「現状のまま」提供されています。記載された内容の正確性、完全性、信頼性については一切保証されません。Zscalerは、ブログ内の情報の誤りや欠如、またはその情報に基づいて行われるいかなる行為に関して一切の責任を負いません。また、ブログ内でリンクされているサードパーティーのWebサイトおよびリソースは、利便性のみを目的として提供されており、その内容や運用についても一切の責任を負いません。すべての内容は予告なく変更される場合があります。このブログにアクセスすることで、これらの条件に同意し、情報の確認および使用は自己責任で行うことを理解したものとみなされます。

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。