What is SEO Poisoning?
SEO poisoning, also known as search poisoning, is an attack technique in which cybercriminals create malicious websites and use search engine optimization tactics to make them appear prominently in search results. The attacker's real goal is to infect visitors with malware or to fraudulently gain access to sensitive information and use it for identity theft.
These sites are associated with terms that a large number of people are likely to be searching for at any given time, such as phrases related to holidays, news, and viral videos. According to Websense Security Labs, as many as a quarter of top search results homepages link to malicious websites.
Examples of SEO Poisoning Attacks:
- A user searches for something with their favorite search engine. Hacked sites that host malicious PDFs appear in the search results.
- The user then clicks on a poisoned SEO link.
- The user lands on a malicious PDF file. When the user clicks one of its download buttons, the browser is taken through several HTTP redirects, after which the malicious payload is downloaded to the endpoint.
- The malicious payload is large enough to exceed the file size limits set by sandboxes and similar tools.
Attackers create websites with names and descriptions related to popular or trending topics. For example, in the weeks leading up to Halloween, attackers may launch websites offering free Halloween costume designs. In the weeks or months leading up to Christmas, they might launch websites with holiday recipes. Sites may be stripped of relevant content or contain content stolen from actual sites.
How Does the Hacker Use it?
Hackers gain access to legitimate sites that rank well on Google and stuff them with many specific search queries. Because the site is respected and ranks highly, visitors who land on it are more likely to assume that everything on the site is legitimate. Hackers exploit this trust by adding infected content to the site.
This poisoned content appears in search results as a PDF file that must be downloaded to be viewed. When a user clicks on a download link, it decides their fate. Behind the scenes, they are redirected several times and eventually end up on an infected site controlled by hackers, where the malicious payload is dropped onto the visitor’s device.
Both of these campaigns used reputable WordPress sites, exploiting a hidden flaw in a plugin called Formidable Forms. The hackers upload their malicious PDF files into the wp-content/uploads/formidable/ folder.
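A defender can look for the chain described above in web proxy logs: a search-engine referral to a PDF under a WordPress uploads folder, followed by several redirects and a download too large for sandbox analysis. The sketch below is an added example, not part of the original article; the record layout, hostnames, the 60-second window and the 100 MB sandbox limit are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlparse

# Assumptions for this sketch (not from the article): the record layout, the
# search-engine list, the 60 s window and the 100 MB sandbox size limit.
SEARCH_ENGINES = ("google.", "bing.", "duckduckgo.", "yahoo.")
WINDOW_S, MIN_REDIRECTS = 60, 2
SANDBOX_LIMIT = 100 * 1024 * 1024

# Constructed proxy records: (epoch, client, url, referer, status, bytes)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "https://blog.example/wp-content/uploads/formidable/7/free-template.pdf",
     "https://www.google.com/search?q=free+template", 200, 84_000),
    (1012, "10.0.0.5", "https://r1.example/go?id=1", "", 302, 0),
    (1013, "10.0.0.5", "https://r2.example/land", "", 302, 0),
    (1015, "10.0.0.5", "https://dl.example/setup.zip", "", 200, 260 * 1024 * 1024),
    (2000, "10.0.0.9", "https://docs.example/manual.pdf",
     "https://www.bing.com/search?q=manual", 200, 500_000),
    (2005, "10.0.0.9", "https://docs.example/style.css", "", 200, 4_000),
]

def from_search(referer):
    """True when the referer host carries a search-engine label."""
    host = urlparse(referer).hostname or ""
    return any(f".{e}" in f".{host}" for e in SEARCH_ENGINES)

def is_pdf_lure(url):
    """True for a PDF served from a WordPress uploads folder."""
    path = urlparse(url).path.lower()
    return path.endswith(".pdf") and "/wp-content/uploads/" in path

def find_chains(records):
    """Flag lure -> redirects -> oversized download by the same client."""
    records, alerts = sorted(records), []
    for i, (ts, client, url, referer, _, _) in enumerate(records):
        if not (from_search(referer) and is_pdf_lure(url)):
            continue
        redirects = 0
        for ts2, client2, url2, _, status2, size2 in records[i + 1:]:
            if ts2 - ts > WINDOW_S:
                break
            if client2 != client:
                continue
            if 300 <= status2 < 400:
                redirects += 1
            elif redirects >= MIN_REDIRECTS and size2 > SANDBOX_LIMIT:
                alerts.append({"client": client, "lure": url, "payload": url2,
                               "redirects": redirects, "bytes": size2})
                break
    return alerts

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
```

Downloads flagged this way are candidates for manual analysis, since their size keeps them out of automated sandboxing.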
Most ransomware attackers charge exorbitant fees to regain access to your files.
- In SEO poisoning, cybercriminals use social engineering to create malicious websites full of malware and make them look genuine in order to fool unsuspecting users.
- They then use SEO to populate search results with links to those sites. To attract more victims, the creators build their fake websites around high-volume search terms related to trending topics and currently popular websites.
- Another attack method to poison SEO is to infect links on genuine websites, such as images and headlines.
- Victims unknowingly click on a link to an infected website and are then redirected to a malicious website, where simply browsing exposes them to various threats, including Trojans and bots.
- Once the device is hacked, the hackers can do as they please: access personal information such as credit card transactions, deny users access to their files and demand a ransom for decryption keys, steal identities, turn the device into part of their botnet, and so on.
Installation of Malicious Software
Malicious software on the site can enlist the visitor's computer in a botnet or install a Trojan to steal login information. Another trick is to offer the user the product they are planning to purchase in order to obtain their credit card details.
Tips to protect from SEO poisoning attacks:
- To protect against search attacks, security experts recommend avoiding clicking on suspicious-looking links. They advise you to never provide personal information online unless you are sure the site is valid and that the transaction is safe.
- When browsing the internet, beware of sites you’ve never heard of before, or rather stick to the ones you know. While legitimate websites are still susceptible to poisoning, they are less likely to infect you.
- Make sure your antivirus is up to date. Your antivirus acts as a wall between a malicious website and your device, and keeping it up to date will help prevent many new threats. Although antivirus protection does not provide complete coverage, it can still make a big difference.
- Use the latest browser version. Modern browsers are equipped with features that use the latest technology to detect malicious and fake sites, so it’s important to always update your browser to the latest version.
- Be extra careful when opening attachments – Trojan files are currently circulating on the Internet, so be careful when opening attachments. Make sure they are from a trusted site.
- Install a VPN on your device. Installing a trusted virtual private network (VPN) on your device can protect it from malware caused by SEO poisoning. The best VPN is Hotspot Shield.