Blackhat SEO Back In Google Searches

JULIEN SOBRIER

April 06, 2012 - 2 Min de lectura

Security Insights

Contenido

Article
Más blogs

In 2011, Blackhat SEO links were pretty much absent from the most popular searches in Google. Instead, Blackhat SEO was used to target more specific searches. The technique heavily used to poison the searches for buying software online with hundreds of fake online stores.

Blackhat SEO

Things are starting to change in 2012. I ran some numbers on Google searches for the month of March 2012 and found:

117 malicious domains, including 66 serving Fake AV pages and 35 fake online store domains
1,142 spam/malicious links in Google searches, including 299 links leading to a Fake AV page

The number of new domains hosting fake online stores is slowly decreasing, I found only 6 new domains in March, but the number of Fake AV sites has increased significantly.

While Google search results leading to Fake AV pages used to be caused primarily by hijacked sites that were redirecting the entire site to a malicious domain, the current increase is due mostly to the targeted use of Blackhat SEO for popular searches, as it was in 2010. The big difference with current results compared to those in 2010 is that Google is doing a much better job at flagging these malicious links: 294 of the 299 search results leading to a Fake AV page were flagged by Google.

The spammers are still able to get their spam pages on hijacked sites to appear on the first result page for popular searches such as "puerile in a sentence" and "edhelper password".

Figure 1: Malicious link in first result page

The technique used is still the same. Websites are hijacked and new pages are added. Each new page is targeting a popular search term trending in Google Hot Trends. Pages from different hijacked sites are linked together to increase their rank.

As I mentioned in an earlier post, the Fake AV pages still look the same, but surprisingly, use new source code with no obfuscation in most cases.

Fake AV instead of Fake store

The second trend I see is the increase in Fake AV links in searches related to software sales, like "Buy Windows 7". This is something I noted last year. The increase in search results leading to malware (Fake AV pages and others) where you would usually find fake stores is alarming because Google has not yet cleaned up these results. None of the spam links sending users to fake stores are flagged by Google.

Gracias por leer

¿Este post ha sido útil?

Sí, ¡Muy útil!

La verdad, no

Exención de responsabilidad: Este blog post ha sido creado por Zscaler con fines informativos exclusivamente y se ofrece "como es" sin ninguna garantía de precisión, integridad o fiabilidad. Zscaler no asume responsabilidad alguna por cualesquiera errores u omisiones ni por ninguna acción emprendida en base a la información suministrada. Cualesquiera sitios web de terceros o recursos vinculados a este blog se suministran exclusivamente por conveniencia y Zscaler no se hace responsable de su contenido o sus prácticas. Todo el contenido es susceptible a cambio sin previo aviso. Al acceder a este blog, usted acepta estas condiciones y reconoce su responsabilidad exclusiva de verificar y utilizar la información según sea precisa para sus necesidades.

Explorar más blogs de Zscaler

Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware

Leer el blog

A bottle of poison labeled as "SEO Poison".

Black Hat SEO Leveraged to Distribute Malware

Leer el blog

A DeepSeek-like icon over blue digital waves.

DeepSeek Lure Using CAPTCHAs To Spread Malware

Leer el blog